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Abstract 


Advanced  Encryption  Standard  (AES)  is  a  worldwide  cryptographic  standard  for 
symmetric  key  cryptography.  Many  attacks  try  to  exploit  inherent  weaknesses  in  the 
algorithm  or  use  side  channels  to  reduce  entropy.  At  the  same  time,  researchers  strive 
to  enhance  AES  and  mitigate  these  growing  threats.  This  paper  researches  the  extension 
of  existing  Differential  Eault  Analysis  (DEA)  attacks,  a  family  of  side  channel  attacks, 
on  standard  AES  to  Dynamic  S-box  AES  research  implementations.  Theoretical  analysis 
reveals  an  expected  average  keyspace  reduction  of  2“^*  after  one  faulty  ciphertext 
using  DEA  on  the  State  of  Rotational  S-box  AES- 128  implementations.  Experimental 
results  revealed  an  average  2“^^  keyspace  reduction  and  confirmed  full  key  recovery 
is  possible. 


IV 


Table  of  Contents 


Page 

Abstract .  iv 

Table  of  Contents .  v 

List  of  Figures . viii 

List  of  Acronyms .  xi 

1.  Introduction .  1 

1.1  Motivation .  1 

1.2  Research  Objectives .  1 

1.3  Scope  and  Limitations  .  3 

1.4  Approach .  3 

1.5  Thesis  Organization .  3 

IT  Background .  4 

2. 1  Cryptology  .  4 

2.1.1  Properties .  5 

2.1.2  Attacks .  5 

2.1.3  Algorithms .  6 

2.2  AES .  7 

2.2.1  Galois  Field  2* .  8 

2.2.2  State  Operations  .  11 

2.2.3  Encryption .  13 

2.2.4  Decryption .  14 

2.2.5  Key  Expansion  Algorithm .  16 

2.3  Dynamic  S-box .  19 

2.3.1  Rotational  S-box .  19 

2.3.2  Chaotic  S-box  .  21 

2.3.3  Reduction  S-box .  21 

2.3.4  Switch  S-box .  21 

2.4  Brute  Force  Attacks .  21 

2.4. 1  Time/Memory  Trade-off .  22 

2.4.2  Brute  Force  Mitigation  Techniques .  22 

2.5  Differential  Fault  Analysis .  24 

2.5.1  DFA  on  the  State .  25 


V 


Page 


2.5.2  DFA  on  the  Key  Schedule .  26 

2.5.3  Round  Modification  Analysis  .  27 

2.5.4  DFA  on  the  Algorithm .  28 

2.5.5  DFA  Mitigation  Techniques .  28 

2.6  Background  Summary  .  28 

III.  Theoretical  Attack  Analysis .  29 

3.1  Problem  Definition .  29 

3.1.1  Goals  and  Hypothesis  .  29 

3.1.2  Approach .  29 

3.2  Attack  Targets  and  Sources .  30 

3.2.1  Potential  Attack  Targets  .  30 

3.2.2  Attack  Target  Implementation .  31 

3.2.3  Potential  Attack  Sources .  34 

3.2.4  Attack  Source  Implementation .  35 

3.3  Attack  Analysis .  41 

3.3.1  Rotation  Step  Analysis .  41 

3.3.2  Mapping  Rotate  to  an  Operation  in  GF(2^)  .  44 

3.3.3  Alternate  Attack  Analysis  on  Standard  AES .  44 

3.3.4  General  Extension .  46 

3.3.5  Reversing  the  Key  Schedule .  47 

3.4  Theoretical  Attack  Summary .  48 

IV.  Methodology  .  49 

4. 1  Problem  Definition .  49 

4.1.1  Goals  and  Hypothesis  .  49 

4.1.2  Approach .  49 

4.2  System  Boundaries .  50 

4.3  System  Services .  51 

4.4  Workload .  51 

4.5  Performance  Metrics .  51 

4.6  System  Parameters .  52 

4.7  Eactors .  52 

4.8  Evaluation  Technique .  53 

4.9  Experimental  Design .  54 

4.10  Methodology  Summary .  55 

V.  Analysis  of  Experimental  Attack  Results .  56 

5.1  Existing  Attack .  56 


VI 


Page 

5.2  Attack  Extension .  62 

5.3  Design  Suggestions .  71 

5.4  Analysis  Summary .  73 

VI.  Conclusion  .  74 

6.1  Impact .  74 

6.2  Contributions .  74 

6.3  Future  Work .  75 

Appendix  A:  Discussion  of  Rotational  S-box  Design  Decisions .  77 

Appendix  B:  RAES  Validation  Data .  87 

Bibliography  .  92 


vii 


List  of  Figures 


Figure  Page 

2. 1  High-Level  Encryption  and  Decryption .  4 

2.2  AES  Pseudocode  Based  on  [8] .  7 

2.3  Generic  AES  State  Representation  with  Byte  Indexing .  8 

2.4  AESS-box .  11 

2.5  AES  Shift  Row  operation .  12 

2.6  Mix  Column  Example .  12 

2.7  Generic  Add  Key  Step .  13 

2.8  Eogical  AES- 128  Encryption .  14 

2.9  AES- 128  Encryption .  15 

2.10  Eogical  AES- 128  Decryption .  16 

2.11  AES-128  Key  Schedule .  18 

2.12  Reversal  of  the  AES- 128  Key  Schedule .  20 

2.13  DEA  on  the  State  Eault  Propagation  in  AES-128  [16] .  25 

2.14  DEA  on  the  Key  Schedule  Eault  Propagation  in  AES- 128  [17] . 26 

2.15  DEA  on  the  Key  Schedule  Eault  Propagation  in  AES- 128  [17] . 27 

3.1  Eogical  RAES- 128  Encryption .  32 

3.2  Eogical  RAES- 128  Decryption .  34 

3.3  XOR  of  Correct  and  Eaulty  AES- 128  Encryption,  Rounds  8-10 . 36 

3.4  XOR  of  Correct  and  Eaulty  AES- 128  MC  Operation .  37 

3.5  XOR  MC  Walkthrough .  37 

3.6  XOR  of  Correct  and  Eaulty  AES- 128  AK  Operation . 38 

3.7  XOR  of  Correct  and  Eaulty  AES- 128  SB  Operation .  38 

3.8  XOR  of  Correct  and  Eaulty  AES- 128  SR  Operation .  39 

viii 


Figure  Page 

3.9  RAES  S-boxo .  42 

3.10  RAES  S-boxi .  42 

3.11  RAESS-box2 .  42 

3.12  XOR  of  Correct  and  Eaulty  RAES-128  Encryption,  Rounds  8-10 .  45 

3.13  XOR  of  Correct  and  Eaulty  AES- 128  Encryption,  Round  10 . 45 

4. 1  System  Boundaries .  50 

4.2  Eactors  and  Eevels .  53 

5.1  Histogram  of  AES- 128  Keyspace,  1  Eaulty  Ciphertext  Round  10  Reduction.  57 

5.2  Boxplot  of  AES- 128  Keyspace,  1  Eaulty  Ciphertext  Round  10  Reduction.  .  57 

5.3  Quartiles  of  AES- 128  Keyspace,  1  Eaulty  Ciphertext  Round  10  Reduction.  58 

5.4  Boxplot  of  Eog2  Transformed  AES- 128  ^°K  Keyspace,  1  Eaulty  Ciphertext 

Round  10  Reduction .  58 

5.5  Histogram  of  Eog2  Transformed  AES- 128  ^°K  Keyspace,  1  Eaulty  Ciphertext 

Round  10  Reduction .  59 

5.6  Histogram  of  AES-128  ^°K  Keyspace,  2  Eaulty  Ciphertext  Round  10  Reduction.  61 

5.7  Histogram  of  AES- 128  DEA  Runtime .  62 

5.8  Boxplots  of  Eog2  Transformed  RAES-128  ^°K  Keyspace,  1  Eaulty  Ciphertext 

Round  10  Reduction .  63 

5.9  Tukey  Multiple  Comparisons  of  Means  Test  of  RAES-128  Types,  1  Eaulty 

Ciphertext  Round  10  Reduction .  63 

5. 10  Histogram  of  RAES-128  ^°K  Keyspace,  1  Eaulty  Ciphertext  Round  10  Reduction.  64 

5.11  Quartiles  of  RAES-128  ^°K  Keyspace,  1  Eaulty  Ciphertext  Round  10  Reduction.  65 

5.12  HistogramofEog2  Transformed  RAES-128  ^°K  Keyspace,  1  Eaulty  Ciphertext 

Round  10  Reduction .  65 

5.13  Histogram  of  Remaining  Rio,  2  Eaulty  Ciphertext  Round  10  Reduction . 68 


IX 


Figure  Page 

5.14  Histogram  of  Log2  Transformed  Observed/2  RAES-128  Keyspace,  2 

Faulty  Ciphertext  Round  10  Reduction .  69 

5.15  Histogram  of  Observed/2  RAES-128  Keyspace,  3  Eaulty  Ciphertext  Round 

10  Reduction .  69 

5.16  Histogram  of  Required  Cipher  Pairs  for  Eull  Key  Recovery  on  RAES-128.  ...  70 

5.17  Histogram  of  RAES-128  DEA  Runtime .  71 

A. l  AES-KDS  Validation  Encryptions  [22] .  84 

B. l  AES-128  Encryption  and  Expanded  Key  of  [1]  Example  Data . 87 

B.2  RAES-128  Type  1  Encryption  and  Expanded  Key  of  [1]  Example  Data . 88 

B.3  RAES-128  Type  2  Encryption  and  Expanded  Key  of  [1]  Example  Data . 89 

B.4  RAES-128  Type  3  Encryption  and  Expanded  Keys  of  [1]  Example  Data . 90 

B.5  RAES-128  Type  4  Encryption  and  Expanded  Keys  of  [1]  Example  Data . 91 


X 


List  of  Acronyms 


Acronym 

Definition 

AES 

Advanced  Encryption  Standard 

AK 

AddRoundKey 

CUT 

Component  Under  Test 

DFA 

Differential  Fault  Analysis 

DEE 

Differential  Fault  Equations 

MC 

MixColumns 

NIST 

National  Institute  of  Standards  and  Technology 

RAES 

Rotational  S-box  AES 

rcon 

RoundConstant 

RMA 

Round  Modification  Analysis 

RRA 

Round  Reduction  Analysis 

RW 

RotateWord 

S-box 

Substitution  Box 

SB 

SubBytes 

SBR 

S-boxRotation 

SR 

ShiftRows 

SUT 

System  Under  Test 

SW 

SubWord 

XI 


EXTENDING  DIEEERENTIAE  EAUET  ANALYSIS  TO  DYNAMIC  S-BOX 


ADVANCED  ENCRYPTION  STANDARD  IMPLEMENTATIONS 


I.  Introduction 


1.1  Motivation 

Data  security  is  a  growing  concern  as  more  information  transitions  into  digital  formats. 
Toward  this  end,  the  National  Institute  of  Standards  and  Technology  (NIST)  establishes 
the  encryption  algorithm  standards  and  best  practices  within  the  United  States.  The 
current  standard  for  general  purpose  data  encryption,  established  in  2001,  is  the  Advanced 
Encryption  Standard  (AES)  [1].  As  the  quantity  and  sensitivity  of  data  entrusted  to  AES 
grows,  so  does  the  incentive  to  compromise  and  reveal  these  secrets,  thus  many  attacks 
try  to  exploit  inherent  weaknesses  in  the  algorithm  or  use  side  channels  to  reduce  entropy, 
such  as  Differential  Eault  Analysis  (DEA).  At  the  same  time,  continuing  research  strives  to 
bolster  the  security  of  AES  and  mitigate  these  growing  threats.  One  such  area  of  research 
replaces  a  static  component  of  the  AES  algorithm,  the  Substitution  Box  (S-box),  with  a 
dynamic  version.  This  research  extends  an  existing  DEA  attack  to  several  research  based 
Dynamic  S-box  AES  implementations. 

1.2  Research  Objectives 

The  following  itemizes  the  objectives  of  this  research. 

•  Determine  if  current  DFA  attacks  extend  to  Dynamic  S-box  AES  variants.  Both 
cryptanalysis  and  cryptography  are  complex  and  dependent  on  the  smallest  details. 
The  consequences  of  changing  any  part  of  the  target  algorithm  are  not  obvious,  and 
refitting  an  existing  attack  to  a  similar  but  new  algorithm  is  non-trivial. 


1 


•  Reveal  expected  keyspace  reduction  power  of  DFA  extensions.  Existing  attacks 
use  probabilistic  theoretical  analysis  for  computing  expected  keyspace  reduction 
power. 

•  Build  functional  attacks  which  demonstrate  full  key  and  plaintext  recovery. 

Working  examples  of  encryption  and  attack  variants  enable  verification  of  theoretical 
results  while  providing  tools  for  future  use  and  analysis. 

•  Provide  an  easy  to  follow  and  self-contained  resource  which  walks  through 
the  mechanics  and  analysis  of  DFA  attacks.  Current  research  provides  pointed 
discussions  of  advanced  methods  [7,  9,  16-18,  24,  26],  however  basic  understanding 
requires  less  powerful  methods  [4,  13,  28].  Although  fragmenting  analysis  makes 
new  research  lightweight,  it  burdens  nonexperts. 

•  Improve  the  overall  security  analysis  of  Dynamic  S-hox  AES  variants.  Often, 
research  does  not  thoroughly  test  new  encryption  proposals.  Certain  test  suites 
and  standards  exist  which  ensure  a  few  properties  hold  which  are  necessary,  but 
not  sufficient  for  a  secure  cryptographic  system  [3].  Rigorous  analysis  and  testing 
of  algorithms  requires  significant  time,  expertise  and  incentive.  Thus,  both  white 
and  black  hats  often  focus  on  widespread  standards  over  young  and  unadopted 
alternatives. 

•  Contribute  to  the  literature  of  theoretical  analysis.  Existing  work  provides  high- 
level  analysis,  but  often  omit  lower  level  details  and  actual  data.  This  research  aims 
to  address  all  levels  of  analysis,  and  building  functional  attacks  creates  actual  data  to 
verify  existing  and  new  theoretical  claims. 

•  Help  inform  and  shape  future  discussions  of  cryptographic  standards  and 
algorithmic  design  decisions. 
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1.3  Scope  and  Limitations 

This  research  considers  all  DFA  attacks  as  possible  sources  of  extension,  and  considers 
all  Dynamic  S-box  AES  implementations  as  possible  targets  over  which  to  extend.  All 
analysis  performed  only  applies  to  specific  source-target  implementation  pairs  chosen,  but 
the  leveraged  concepts  may  yield  results  on  other  sources  and  targets.  Due  to  the  high  level 
of  complexity  and  resources  required  for  actual  realization  of  DFA  attacks,  this  research 
instead  relies  on  software  simulated  implementations. 

1.4  Approach 

Extending  DFA  attacks  to  AES  variants  is  an  untouched  area  of  research.  As  the 
founding  work,  this  research  focuses  on  the  simplest,  non-trivial  and  interesting  target- 
source  combination.  Background  on  each  target  and  source  enables  a  brief  analysis  for 
choosing  this  target-source  combination.  This  research  then  extends  the  existing  source 
DFA  analysis  to  the  chosen  target  AES  variant.  Implementing  this  new  extended  attack  in 
software  validates  the  new  theoretical  analysis  and  demonstrates  actual  realization. 

1.5  Thesis  Organization 

The  remainder  of  this  document  is  as  follows:  Chapter  2  walks  through  the  existing 
research  including  some  basics  of  cryptography  and  field  theory,  current  Dynamic  S-box 
AES  designs,  and  an  overview  of  the  existing  DFA  attacks  on  AES.  Chapter  3  is  a  practice 
in  theory,  explicitly  defining  AES  variants  and  performing  the  theoretical  analysis  of  DFA 
extensions.  Chapter  4  describes  the  methodology  used  to  test  and  validate  these  attack 
extensions.  Chapter  5  discusses  the  experimentation  results,  specifically  their  significance 
and  how  well  they  align  with  the  theoretical  analysis  of  Chapter  3.  Eastly,  Chapter  6 
summarizes  this  work  and  discusses  future  areas  of  related  research. 
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II.  Background 


This  chapter  covers  a  few  basics  of  cryptology  in  Section  2. 1 ,  then  walks  through  AES- 
128  in  Section  2.2  and  a  few  basics  of  field  mathematics  in  Section  2.2.1.  A  discussion  of 
Dynamic  S-box  schemes  follows  in  Section  2.3.  Section  2.4  introduces  brute  force  attacks 
and  their  constraints.  Finally,  Section  2.5  introduces  DFA  attacks  providing  a  comparison 
of  attack  power  and  constraints. 

2.1  Cryptology 

Cryptology  encompasses  both  the  study  of  keeping  secrets,  cryptography,  and 
breaking  them,  cryptanalysis  [27].  To  secure  information,  an  encryption  algorithm 
transforms  the  clear  plaintext  message  into  a  ciphertext  using  a  secret  encryption  key.  To 
reveal  the  secret  message,  a  decryption  algorithm  transforms  a  ciphertext  back  into  the 
plaintext  using  a  secret  decryption  key.  Encrypting  with  different  keys  results  in  different 
ciphertexts,  and  only  the  correct  decryption  key  reveals  the  original  plaintext.  Figure  2. 1 
illustrates  this  black  box  view.  By  convention,  the  actors  involved  are  Alice,  who  encrypts 
plaintexts  and  sends  ciphertexts,  and  Bob,  who  receives  the  ciphertext  and  decrypts  back  to 
plaintexts.  The  attacker  is  Eve  who  has  access  to  ciphertexts  through  various  methods  such 
as  listening  to  network  traffic. 


Bob 


Decryption  Machine 

Plaintext 

t 

Decryption  Key 


Figure  2.1:  High-Fevel  Encryption  and  Decryption. 
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2.1.1  Properties. 

A  ‘good’  cryptographic  algorithm  is  one  which  is  theoretically  secure.  That  is,  the 
algorithm  leaks  no  information.  Given  arbitrary  ciphertexts,  Eve  knows  nothing  about 
the  associated  plaintexts  or  keys.  A  few  underlying  principles  and  properties  which  are 
necessary,  but  not  sufficient  for  a  secure  cryptographic  algorithm  follow. 

•  Confusion.  The  ciphertext  does  not  relate  in  a  simple  way  to  the  key  [27]. 

•  Diffusion.  Each  bit  of  the  plaintext  affects  many  bits  of  the  ciphertext.  Similarly, 
each  bit  of  the  ciphertext  relies  on  many  bits  of  the  plaintext  [27]. 

•  Avalanche  Criterion.  Changing  one  bit  of  the  plaintext  or  key  should  flip  about  half 
of  the  ciphertext  bits  [12]. 

•  Non-linearity.  A  simple  linear  function  (addition  and  multiplication)  on  the  input 
cannot  closely  approximate  the  ciphertext. 

•  Apparent  Complete  Randomness.  Produced  ciphertexts  statistically  appear  to  be 
completely  random. 

•  Large  Keyspace.  The  encryption  key  size  is  sufficiently  large  enough  to  make  a 
brute  force  attack  infeasible  (see  Section  2.4). 

•  Kerchkoff ’s  Principle.  Algorithms  should  not  rely  on  security  through  obscurity. 
Instead,  Alice  and  Bob  should  always  assume  Eve  knows  the  algorithm  [27]. 

2.1.2  Attacks. 

Cryptanalysis  attacks  conventionally  divide  into  four  categories  based  on  the 
information  available.  This  section  includes  a  fifth  category,  side  channel,  which  acts  as  an 
additional  optional  descriptor  to  supplement  the  first  four.  Eor  the  following  explanatory 
situations  the  encryption  and  decryption  machines  use  secret  keys  which  the  operator 
cannot  access. 
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•  Ciphertext  Only.  Eve  only  has  access  to  ciphertexts,  but  no  access  to  the  encryption 
or  decryption  machines.  Access  to  ciphertexts  is  always  assumed,  otherwise  there 
would  be  no  need  for  Alice  to  encrypt  her  messages  to  Bob. 

•  Known  Plaintext.  Eve  has  no  access  to  the  encryption  or  decryption  machines,  but 
has  knowledge  of  what  certain  plaintext(s)  encrypt  to.  This  encompasses  ciphertext 
only. 

•  Chosen  Plaintext.  Eve  has  access  to  the  encryption  machine.  She  can  encrypt  a 
number  of  plaintexts  to  manufacture  associated  (plaintext,  ciphertext)  pairs.  This 
encompasses  known  plaintext  and  ciphertext  only. 

•  Chosen  Ciphertext.  Eve  has  access  to  the  decryption  machine.  She  can  decrypt  a 
number  of  ciphertexts  to  manufacture  associated  (ciphertext,  plaintext)  pairs.  This 
encompasses  ciphertext  only. 

•  Side  Channel.  Eve  has  access  to  information  not  directly  tied  to  the  algorithm,  such 
as  timing,  processor  sounds,  power  usage  or  outside  information. 

2.1.3  Algorithms. 

Two  main  encryption  schemes  exist:  symmetric  and  asymmetric  (also  known  as 
private  and  public  key).  In  an  asymmetric  (public  key)  algorithm,  decryption  is  a  function 
which  acts  upon  the  ciphertext  to  restore  it  to  the  plaintext,  but  decryption  is  not  the 
inverse  of  encryption.  Encryption  is  a  computationally  efficient  function,  but  the  inverse  is 
computationally  inefficient,  such  as  factoring  a  large  number.  As  a  result  decryption  is  a 
different  function  which  relies  on  a  different  key  to  efficiently  undo  the  work  of  encryption. 
RSA  is  the  most  recent  standard  public  key  algorithm  [2].  In  a  symmetric  (private  key) 
algorithm,  decryption  is  the  inverse  of  encryption.  That  is,  encryption  is  an  easily  invertible 
function  reliant  on  a  key.  The  same  key  enables  both  decryption  and  encryption.  Often 
users  and  developers  choose  symmetric  encryption  schemes,  rather  than  asymmetric,  to 
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encrypt  large  volumes  of  data  because  of  their  increased  speed.  AES  is  the  most  recent 
standard  symmetric  key  algorithm  [2],  and  is  what  this  paper  examines. 

2.2  AES 

AES  is  a  worldwide  standard  symmetric  key  encryption  algorithm  defined  in  [1]. 
Being  symmetric,  the  same  secret  key  enables  both  encryption  and  decryption  of  a 
particular  message,  and  decryption  is  the  inverse  of  encryption.  Unprotected  input 
messages  are  plaintexts,  P,  while  the  secure  outputs  are  ciphertexts,  C,  both  of  length  128 
bits.  Eigure  2.2  displays  pseudocode  for  AES,  and  Section  2.2.3  further  details  the  process. 


def  AES_Encryption( plaintext,  key,  sire): 

nbrRounds  =  getNbrRounds(size) 

expandedKeySize  =  16*(nbrRounds+l) 

expandedKey  =  expandKey(key,  size,  expandedKeySize) 

state  =  transpose(plaintext) 

roundKey  =  createRoundKey(expandedKey,  0) 
state  =  addRoundKey(state,  roundKey) 

for  i  in  range(l,  nbrRounds): 

roundKey  =  createRoundKey(expandedKey,  16*i) 

state  =  subBytes(state) 

state  =  shiftRows(state) 

state  =  mixColumns( state) 

state  =  addRoundKey( state,  roundKey) 

roundKey  =  createRoundKey(expandedKey,  16*nbrRounds) 
state  =  subBytes(state,  False) 
state  =  shiftRows( state.  False) 
state  =  addRoundKey(state,  roundKey) 

ciphertext  =  transpose(state) 
return  ciphertext 

Eigure  2.2:  AES  Pseudocode  Based  on  [8]. 


7 


The  data  of  the  algorithm  at  intermediate  stages  of  eneryption  and  deeryption  is  the 
state,  S.  To  establish  a  standard  throughout  this  paper,  refereneing  of  the  state  uses  up  to 
three  indexes:  'S^.  The  round  index  is  i,  j  is  the  operation  index  and  k  is  the  byte  index: 
round ^op^eration ^  ^  matrix  of  bytes  represents  eaeh  partieular  state with  k  £  {0, 1, ...,  15} 
indexed  as  shown  below  in  Figure  2.3.  Alternatively,  k  £  {RO,  Rl,  R2,  R3}  or  k  £  {CO, 
Cl,  C2,  C3)  referenees  a  row  or  eolumn  of  the  state  respeetively,  top  to  bottom  and 
left  to  right,  rather  than  a  partieular  byte.  Key  lengths  are  128,  192,  or  256  bits  with 
inereased  length  eorresponding  to  stronger  theoretieal  eryptographie  properties.  These  key 
lengths  identify  implementations  of  AES:  AES- 128,  AES- 192,  and  AES-256.  Referenee 
to  the  key  is  equivalently  the  seeret  key  and  the  eneryption  key.  The  algorithm  eonsists 
of  four  repeated  steps  performed  on  the  state:  SubBytes,  ShiftRows,  MixColumns,  and 
AddRoundKey.  Seetion  2.2.2  diseusses  eaeh  in  detail. 


So 

Si 

S2 

S3 

S4 

S5 

Se 

S7 

Ss 

S9 

Sio 

Sii 

S12 

Sl3 

Sl4 

Sl5 

Eigure  2.3:  Generie  AES  State  Representation  with  Byte  Indexing. 


2.2.1  Galois  Field  2^. 

AES  uses  the  Galois  Eield  GE(2*),  a  number  system,  for  mathematieal  manipulations 
of  bytes,  treating  them  as  polynomials.  GE(2^)  provides  unique  properties  for  ealeulation  of 
all  bit  manipulations,  hexadeeimal  notation  simply  improves  portability  and  ease  of  storage. 
Eaeh  bit  in  the  byte  b-]b(,b5b4bj,b2bibQ,  where  bi  is  the  bit,  represents  the  eoeflieient  of 
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the  x'  term  of  the  polynomial 


bjx^  +  b^x^  +  bsx^  +  b^x^  +  bj,x^  +  b2X^  +  b\x^  +  b^x^. 


For  example, 

0xA4  =  1010  0100  =  1/  +  0/  +  l;c^  +  O/  +  0;c^  +  l;c^  +  0;c^  +  O/  =  /  +  /  + 

The  base  2  in  GF(2^)  represents  that  coefficients  are  in  modulus  two.  The  following 
example  highlights  addition. 

0xA4  +  0x86  =  1010  0100  +  1000  0110 

=  (l.r^  +  0.r^  +  l.r^  +  0.r"^  +  0.r^  +  l.r^  +  0.r^  +0.r°)  +  (l.r’  +  0jc^  +  0.r^  +  0.r'^  +  0.x:^  +  l.x:^  +  Ijc^  +0.r°) 

=  +  x^)  +  (x^  +  x^  +  x) 

=  lx'  +  .r^  +  2.r^  +  .r 
=  .r^  +  ;c  =  0010  0010  =  0x22 
Thus,  addition  is  simply  the  bitwise  XOR  operation,  that  is, 

1010  0100 
0  1000  0110 
0010  0010  =  0x22. 

This  observation  has  several  implications.  It  affirms  the  intuition  that  0  is  the  additive 
identity  I,  since  for  any  byte  jS,  /3  +  0=  yS=jS+I.  Also,  the  XOR  of  any  number  with  itself 
is  0,  so  for  any  byte  ;0,  jS  +  jS  =  0.  From  this  property  an  inverse  of  addition  exists  and  is,  in 
fact,  itself.  For  any  byte  a: 

(J3  + a) +  a=  /3  + (a  +  a)  =  l3  +  0=  /3 


9 


This  fact  enables  further  manipulation  of  equations.  In  the  real  numbers,  performing 
the  inverse  of  ‘+5’  to  both  sides  of  the  equation,  .r  +  5  =9,  solves  for  x,  resulting  in 
.r  +  5-  5  =  9-  5=>.r  =  4.  Similar  manipulations  are  possible  in  GF(2^).  Supposing  j3  is 
some  unknown  byte  with  the  relation,  j3  +  0x14  =  0x96,  it  is  now  possible  to  solve  for  yS, 

j3  +  0x14  +  0x14  =  0x96  +  0x14  ^  j3  =  0x82. 

Additionally,  it  is  impossible  to  add  together  any  two  numbers  within  GF(2^)  and 
end  up  with  a  number  outside  of  GF(2^).  Because  of  this,  GF(2^)  is  said  to  be  closed 
under  addition.  Further,  addition  in  GF(2^)  is  commutative,  a  +  /3  =  /3  +  a,  and 
associative,  a  +  (J3  +  y)  =  (a  +  /3)  +  y.  These  are  important  and  non-trivial  properties. 
For  perspective,  subtraction  is  not  commutative,  5-4  =  1  -1  =  4-5,  or 

associative,  5  -  (4  -  1)  =  5  -  (3)  =  2  0  =  (1)  -  1  =  (5  -  4)  -  1,  over  the  Integers, 

and  division  is  not  closed  over  the  Integers,  2-^3  =  2/3  ^  Z. 

The  exponent  of  8  represents  that  eight  powers  of  x,  zero  through  seven,  make  up 
elements  of  GF(2^).  If  multiplication  achieves  a  power  of  x  greater  than  or  equal  to  eight, 
a  reduction  occurs  using  the  irreducible  polynomial  for  GF(2^),  x^  +  x‘^  +  x^  +  x  +  1.  This 
polynomial  enables  construction  of  GF(2^),  specifically  the  relation  x^ +  x'^ +  x^  +  x+l  =0. 
So,  the  equivalence  relation  for  reducing  polynomials  to  powers  less  than  8  is  = 
x‘^  +  x^  +  X  +  1.  Using  this  relation  the  following  example  illustrates  multiplication. 

0xA4  •  0x02  =  1010  0100  •  0000  0010 

=  ( 1/ + 0/  + 1/ + 0/  +  Ox^  +  lx'^+0x^+  0/)  •  (0/ + 0/ + 0/  +  0/  +  Ox^  +0x'^  +  lx^+  O/) 

=  {x''  +  X^  +  x^)-  X 
=  x^  +  x^  +  x^ 

=  {x  +  X^  +  X  +  1)  +  x^  +  x^ 

=  x^  X  +  2x^  +  X  +  1 
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=  x^  +  x^  +  x+l=  0101  0011  =  0x53. 


Because  of  the  relation  x^  =  x^  +  x^  +  x  +  I,  GF(2^)  is  also  closed  under  multiplication. 
Multiplying  the  reduction  by  an  appropriate  power  of  x  reduces  powers  greater  than  8.  For 
example,  =  x^  ■  x^  =  x^{x^  +  +  x  +  1)  =  x’  +  x^  +  x^  +  x^.  This  also  illustrates 

that  multiplication  distributes  over  addition.  The  multiplicative  identity,  like  in  the  Real 
Numbers,  is  1.  Lastly,  every  element  aside  from  0  has  a  multiplicative  inverse  (i.e.,  for 
every  p  there  exists  an  a  such  that  fS  •  a  =  1). 

2.2.2  State  Operations. 

•  SubBytes  (SB).  [Substitution]  The  S-box  performs  bytes  substitutions.  This 
transforms  one  byte  at  a  time,  altering  every  byte  in  the  state  matrix.  The  S-box 
is  an  8-bit  16x16  table  built  from  an  affine  transformation  on  multiplicative  inverses 
which  guarantees  full  permutation  (S-box(a)  a)  and  provides  non-linearity  [1,  25]. 
A  table  logically  represents  this  substitution  function  such  that  the  incoming  higher 
order  nibble  identifies  the  row,  while  the  lower  nibble  identifies  the  column.  The 
corresponding  table  entry  then  replaces  the  incoming  byte.  This  substitution  function 
is  fixed  and  well  known.  Figure  2.4  is  a  representation  of  the  S-box.  An  example 
lookup  is  S-box(0xl2)  =  0xC9. 
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Figure  2.4:  AES  S-box. 
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ShiftRows  (SR).  [Rotation]  This  step  cyclically  shifts  the  bytes  in  each  row  providing 
inter-column  diffusion.  Iterating  over  every  row,  the  row  rotates  i  bytes  to  the  left, 
visually  diagonalizing  the  columns  for  /  E  (0, 1, 2, 3}.  Figure  2.5  below  illustrates  the 
generic  application  of  SR  to  the  state. 


Figure  2.5:  AES  Shift  Row  operation. 


MixColumns  (MC).  [Linear  Combination]  An  invertible  linear  transformation 
provides  intra-column  diffusion.  A  fixed  and  well-known  matrix  M  multiplies  with 
each  column  of  the  state,  Sa  for  i  £  [0, 1, 2, 3}.  Figure  2.6  shows  the  multiplication 
of  this  fixed  matrix  with  the  first  column  of  the  state,  M  x  Sco-  Multiplication  and 
addition  are  as  defined  in  GF(2^). 


2 

3 

1 

1 

1 

2 

3 

1 

1 

1 

2 

3 

3 

1 

1 

2 

X 


_S^ 

Sl2 


2So  +  3S4  +  Ss  +  Si2 
So  +  2S4  +  3S8  +  S12 
So  +  S4  +  2S8  +  3Si2 
3So  +  S4  +  S8  +  2Si2 


Figure  2.6:  Mix  Column  Example. 


•  AddRoundKey  (AK).  [Addition  /  Exclusive  Or]  This  step  integrates  the  round  key 
with  eaeh  state  byte  adding  them  together  in  the  field  (i.e.,  using  the  XOR  funetion). 
Figure  2.7  illustrates  the  AK  operation. 
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Figure  2.7:  Generie  Add  Key  Step. 


2.2.3  Encryption. 

Depending  on  the  AES  implementation  (128,  192  or  256  bit  key),  the  algorithm 
iterates  over  the  state  operations  10,  12  or  14  times  ereating  rounds  with  an  additional 
round  zero  applieation  of  AK,  and  the  last  round  (10,  12  or  14)  omitting  MC.  Figure 
2.8  shows  AES-128  eneryption  as  a  logieal  applieation  of  operations  that  form  the  rounds. 
Figure  2.9  depiets  the  AES-128  eneryption  algorithm  left  to  right,  top  to  bottom,  and  shows 
proper  round  and  operation  state  indexing.  The  algorithm  stores  the  plaintext  into  the  state 
by  eolumn  rather  than  by  row,  and  similarly  outputs  eiphertext  by  eolumn  rather  than  by 
row. 
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Figure  2.8:  Logical  AES-128  Encryption. 


2.2.4  Decryption. 

Decryption  is  simply  the  inverse  of  each  step  performed  in  the  opposite  order,  using 
the  round  keys  in  reverse  order.  The  inverse  algorithm  steps  are  InverseSubBytes  (SB“^), 
InverseShiftRows  (SR“^),  InverseMixColumns  (MC~^)  and  AddRoundKey  (AK).  Eigure 
2.10  shows  the  logical  flow  of  decryption,  bottom  to  top. 

•  SB“^  The  inverse  S-box  reverses  the  lookup  process. 

•  SR“^  The  row  rotates  i  bytes  to  the  right,  i  e  [0, 3]. 

•  MC“^  Matrix  multiplication  with  the  inverse  of  the  constant  matrix  used  in  MC. 

•  AK.  XOR  is  its  own  inverse,  thus  AK“^  =  AK,  and  AK  is  sufficient. 
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Figure  2.10:  Logical  AES- 128  Decryption. 


2.2.5  Key  Expansion  Algorithm. 

Another  important  aspect  of  AES  is  the  generation  of  round  keys  through  expansion  of 
the  encryption  key.  AES-128  expands  the  4x4  representation  into  a  4x44,  or  11  4x4  round 
keys.  Similarly,  AES- 192  expands  4x6  to  4x52,  and  AES-256  from  4x8  to  4x60.  This 
expansion  algorithm  is  the  key  schedule.  Below  are  the  relevant  aspects  of  the  process 
for  AES-128;  AES-192  and  AES-256  are  logically  similar.  The  following  list  defines 
necessary  operations  and  terminology. 

•  RotateWord  (RW).  Similar  to  the  ShiftRow  operation,  a  four  byte  word  rotates  one 
byte  to  the  left,  such  that  the  first  byte  becomes  the  last  byte  (e.g.,  RW(01  AB  DC 
EE)  =  AB  DC  EE  01). 

•  SubWord  (SW).  Similar  to  the  SubByte  operation,  the  S-box  substitutes  each  byte  of 
a  four  byte  word. 
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•  RoundConstant  (rcon).  Represents  the  exponentiation  of  2  within  GF(2^),  rcon(i) 


=  x'  ^  Rounds  1-10  use  an  rcon  value.  Table  2.1  shows  the  computation  of  each  of 
these  values. 


rcon(l) 

=  x°  = 

1 

=  0000  0001 

rcon(2) 

=  xi  = 

X 

=  0000  0010 

rcon(3) 

=  x2  = 

X2 

=  0000  0100 

rcon(4) 

=  X^  = 

X^ 

=  0000  1000 

rcon(5) 

=  x"  = 

x" 

=  0001  0000 

rcon(6) 

=  x^  = 

x^ 

=  0010  0000 

rcon(7) 

=  x^  = 

x^ 

=  0100  0000 

rcon(8) 

=  x’  = 

x^ 

=  1000  0000 

rcon(9) 

=  x«  = 

x"^  -1-  X^  -1-  X  -1-  1 

=  0001  1011 

rcon(lO) 

=  x‘^  = 

S  d.  9 

X^  -1-  X  -1-  X  -1-  X 

=  00110110 

Table  2.1:  Calculation  of  Rcon  Values  1-10. 


By  convention,  W  is  the  expanded  round  key  matrix  with  lT[/][j]  denoting  the 
column  [0-43],  byte  [0-3].  As  with  storing  the  plaintext  in  °S°,  the  first  four  columns 
of  W  are  the  encryption  key,  filled  by  column.  These  first  four  columns  are  the  round  0 
key,  with  each  subsequent  set  of  four  columns  being  the  next  round  key.  For  columns  4-43: 
VF[z]  =  W\i  -  4]  ©  jS.  If  i  is  not  divisible  by  4  (i.e.,  if  the  current  column  is  not  the  first 
column  of  a  round  key),  then  beta  equals  VF[z  -  1].  However,  if  i  mod  4  =  0  (i.e.,  the 
current  column  is  the  first  column  of  round  r’s  key),  then  beta  equals  SW(RW(VF[z  -  1]))  © 
[rcon(r),  0,  0,  0].  From  this,  round  i  key  'K  =  [W(4-i)  -  W(4-i  +  3)].  Figure  2.11  depicts  the 
AES- 128  key  schedule. 
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Figure  2.11:  AES-128  Key  Schedule. 
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Knowing  the  last  round  key,  ^°K,  enables  reversal  of  the  128  bit  key  schedule  since 
RW,  SW,  and  rcon  are  all  fixed  and  well  known.  Figure  2.12  illustrates  this  process.  Normal 
use  encryption  and  decryption  never  reverse  the  key  schedule,  instead  always  building  up 
the  expanded  key  from  the  encryption  key.  However,  many  attacks  leverage  this  property; 
recovery  of  Kio  reveals  the  encryption  key. 

2.3  Dynamic  S-box 

The  S-box  specifically  is  a  common  focus  of  research  because  it  is  the  only  operation 
adding  non-linearity.  Several  dynamic  S-box  AES  approaches  exist  including:  S-box 
rotation  [15,  22],  chaotic  S-box  generation  [10,  21,  30-32],  switch  S-boxes  [5]  and  using 
different  irreducible  polynomials  in  GF(2^)  for  S-box  construction  [6].  A  brief  explanation 
of  each  follows. 

2.3.1  Rotational  S-box. 

This  research  variant  of  AES  uses  an  altered  key  schedule  to  create  two  expanded 
keys:  one  for  encryption,  and  one  for  rotation.  The  Rotational  S-box  variant  also  introduces 
a  new  algorithmic  step,  S-boxRotation,  performed  at  the  start  of  each  round  except  round 
zero.  Each  round  uses  one  of  these  256  S-boxes.  This  new  algorithm  reportedly  matches 
or  slightly  exceeds  the  performance  of  standard  AES  for  diffusion  through  avalanche  effect 
measures  and  Strict  Avalanche  Criterion  [15,  22]. 

•  S-boxRotation  (SBR).  Based  on  a  manipulation  of  the  round  rotation  key,  the  S-box 
rotates  a  specified  amount  (round  rotation  value)  to  the  left.  This  rotation  is  a  cyclic 
byte  rotation,  wrapping  around  from  the  top  left  to  the  bottom  right  of  the  S-box. 
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Figure  2.12:  Reversal  of  the  AES- 128  Key  Schedule. 
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2.3.2  Chaotic  S-box. 


This  research  variant  of  AES  computes  an  S-box  for  each  encryption  key  by  applying 
a  chaotic  function  on  the  encryption  key.  So,  in  AES-128,  up  to  2™  unique  possible  S- 
boxes  exist,  but  each  encryption  only  relies  on  one.  Chaotic  schemes  are  a  popular  choice 
for  cryptographic  applications  due  to  their  sensitivity  to  initial  conditions,  non-linearity, 
appearance  of  randomness,  and  determinism  [10,  21,  30-32].  Existing  methods  include  use 
of  logistic  map  [10,  32],  coupled  map  lattice  of  spatiotemporal  chaos  [21]  and  a  piecewise 
linear  chaotic  map  [30,  31]. 

2.3.3  Reduction  S-box. 

This  research  variant  of  AES  allows  choice  of  the  S-box  used  by  making  the 
irreducible  polynomial  over  GE(2^),  conventionally  x^  =  x"^  -l-  x^  -l-  x  -l-  1,  which  the  S- 
box  construction  uses  by  way  of  multiplicative  inverses,  an  encryption  parameter.  Sending 
this  polynomial  with  the  key  enables  decryption  [6] .  Since  30  irreducible  polynomials  exist 
in  GE(2^),  30  possible  S-boxes  exist.  No  other  logical  changes  apply  to  the  algorithm. 

2.3.4  Switch  S-box. 

This  research  variant  of  AES  uses  a  pseudo-random  number  generator  to  determine  if 
encryption  uses  the  S-box  or  inverse  S-box.  Decryption  then  uses  the  other.  Alice  appends 
0  or  1  to  the  ciphertext  to  signify  which  S-box  decryption  requires.  So,  each  encryption 
uses  one  of  two  S-boxes  [5]. 

2.4  Brute  Force  Attacks 

Two  types  of  brute  force  attacks  exist,  online  and  offline.  In  both  types.  Eve  throws 
resources  at  the  problem  to  test  all  possibilities  until  revealing  the  secret.  Online  brute 
force  attacks  do  not  require  Eve  to  have  any  knowledge  of  a  system.  Instead,  she  attempts 
to  use  a  password  protected  service,  such  as  online  banking  or  hard  drive  decryption,  with 
every  possible  key  (and  potentially  username).  Because  online  brute  force  attacks  rely  on 
authenticating  with  a  service,  these  attacks  cannot  leaverage  precomputation  and  instead 
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occur  in  real  time.  Offline  brute  force  attacks  are  a  realization  of  a  known  plaintext, 
chosen  plaintext  or  chosen  ciphertext  attacks.  For  example,  if  Eve  knows  E(P)  =  C,  she 
can  encrypt  P  with  every  possible  K  until  a  match  of  C  is  found.  Offline  brute  force 
attacks  can  leverage  precomputation  and  vary  in  complexity  and  approach  ranging  from 
exhaustive  search  and  table  lookup,  to  combinatory  Time/Memory  Tradeoff  attacks  such  as 
Rainbow  Tables.  Brute  force  attacks  succeed  when  computation  time,  block  size,  or  key 
size  are  sufficiently  small.  Attacks  on  AES,  and  all  cryptographically  secure  solutions,  are 
infeasible  by  definition  due  to  computation  time  and  storage  costs  [27].  AES  allows  for  an 
increase  in  both  with  its  AES- 192  and  AES-256  implementations. 

2.4.1  Time/Memory  Trade-off. 

If  Eve  has  a  known  plaintext,  one  which  remains  constant  and  often  used  by  Alice, 
such  as  a  header  “Dear  Bob,”,  the  time  intensive  extreme  of  this  spectrum  dictates  Eve 
encrypting  the  plaintext  with  every  possible  key,  and  each  time  checking  for  a  match  against 
the  ciphertext.  This  method  is  good  for  singular  attacks,  but  quickly  repeats  a  great  deal 
of  work  if  Alice  changes  the  key.  The  memory  intensive  extreme  of  this  spectrum  has 
Eve  encrypting  this  known  plaintext  with  every  possible  key,  and  creating  a  dictionary  of 
(ciphertext,  key)  entries.  Now  each  time  the  key  changes.  Eve  only  needs  to  perform  a 
lookup  to  obtain  the  new  key.  Compromises  between  these  two  extremes  are  often  the 
best  option,  so  as  to  reduce  repeated  work,  while  maintaining  a  reasonable  storage  burden. 
Similar  trade-offs  are  commonplace  within  cryptanalysis,  with  the  best  option  dictated  by 
the  attacker’s  available  resources  and  goals. 

2.4.2  Brute  Force  Mitigation  Techniques. 

As  previously  stated,  the  three  algorithmic  factors  which  affect  the  feasibility  of  a  brute 
force  attack  are  computation  time,  block  size,  and  key  size.  The  following  list  explores  each 
in  more  detail. 
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•  Computation  Time.  Often  simply  encryption  time,  this  is  the  time  required  to 
try  one  possible  key.  Longer  and  more  complex  algorithms  and  artificial  delays 
increase  this  burden.  Artificial  delays  are  practical  against  online  brute  force  attacks 
where  Eve  must  interface  with  a  front  end  authentication  rather  than  the  encryption 
algorithm  directly.  Small  increases  significantly  burden  the  attacker  while  remaining 
unnoticeable  to  users.  Considering  a  hypothetical  encryption  system  which  encrypts 
in  one  nanosecond  and  a  target  algorithm  that  has  keys,  key  recovery  requires  a 
maximum  of: 


keys  x 


1  sec 
10^  keys 


1  day 
86400  sec 


13  days. 


However,  artificially  suppressing  the  encryption  time  to  0.001  seconds,  still 


apparently  instantaneous  to  an  end  user,  jumps  this  to: 


2^°  keys  x 


1  sec 


X 


1  day 


X 


1  year 


10^  keys  86400  sec  365.25  days 


35,678  years. 


•  Block  Size.  This  is  the  amount  of  data  encrypted  at  once.  If  Eve  wants  to  store  all 
the  encryptions  of  a  particular  byte  plaintext  for  an  algorithm  with  2"^°  keys  (6  byte 
key  +  1  byte  ciphertext  =  7  bytes  per  iteration),  it  requires: 


7  bytes  1  terabyte  .r., 

X  Tzrz^rr-. - X  2  iterations  «  7.7  terabytes. 


1  iteration  1000"*  bytes 

This  although  quite  large  is  not  wholly  unreasonable.  If  the  block  size  increases  from 
1  byte  to  16  bytes,  this  changes  to  (6  byte  key  +  16  byte  ciphertext  =  22  bytes  per 
iteration)  requiring: 


22  bytes 
1  iteration 


1  terabyte 
1000“^  bytes 


X  2^*^  iterations 


24.2  terabytes. 


Again  actual  storage  space  is  feasible  provided  a  specialized  computing  environment 
or  a  specific  investment  in  storage,  however  efficiently  managing  and  accessing  this 
data  becomes  increasingly  complex,  especially  if  Eve  targets  several  plaintexts. 
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•  Key  Size.  This  affects  both  storage  and  time  constraints  directly,  however  most 
restrictive  to  time.  Assuming  a  hypothetical  encryption  system  which  encrypts  in 
1  X  10“^^  seconds  and  a  target  algorithm  that  has  keys,  recovery  requires  a 
maximum  of: 


keys  x 


1  sec  1  day 

10^^  keys  86400  sec 


1  year 
365.25  days 


38  years. 


Although  a  substantial  amount  of  time  and  computing  power,  conceivably  secrets 
exist  worth  the  investment.  Increasing  the  key  space  to  the  equivalent  of  AES,  this 
becomes  impossible: 


2'^^  keys  x 


1  sec  1  day  1  year 

10^^  keys  ^  86400  sec  ^  365.25  days 


1.08  X  10^^  years. 


2.5  Differential  Fault  Analysis 

DFA  is  a  category  of  side  channel  attacks,  which  leverage  physical  implementations 
rather  than  theoretical  weaknesses  in  the  cryptographic  algorithm.  DFA  relies  on  inducing 
faults  through  controllable  external  factors  such  as  voltage  fluctuations,  clock  cycle  speed 
or  a  laser.  These  physical  effects  cause  the  current  operation  to  resolve  incorrectly,  and  just 
inject  one  or  more  random  byte  faults.  The  algorithm  continues  execution  to  completion, 
propagating  the  fault  and  creating  a  faulty  ciphertext.  This  faulty  ciphertext  and  its 
corresponding  correct  ciphertext,  in  conjunction  with  knowledge  of  timing  and  placement 
of  the  original  fault  allow  for  the  construction  of  Differential  Fault  Equations  (DFE). 
Solving  these  equations  reduces  the  possible  encryption  key  space,  fully  revealing  the  key 
or  making  brute  force  attacks  feasible.  Central  to  the  success  of  these  equations  is  the 
SubBytes  operation. 

DFA  divide  into  four  main  categories:  DFA  on  the  State  [4,  13,  16,  19,  26],  DFA  on 
the  Key  Schedule  [7,  17],  Round  Modification  Analysis  [4,  9],  and  DFA  on  the  Algorithm 
[4,  7,  24].  Focation  of  fault  induction  and  the  assumptions  made  about  the  faults 
differentiate  these  attacks.  The  actual  implementation  and  realization  of  these  faults  is 
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another  area  of  research  entirely  outside  the  scope  of  this  paper.  However,  [9,  14,  18,  24] 
demonstrate  arbitrary  assumptions  about  fault  placement  and  timing  are  reasonable. 

2.5.1  DFA  on  the  State. 

Fault  injection  logically  produces  a  fault  in  the  state  just  before  the  MixColumns 
operation  of  round  r,  a  near  terminal  round.  Actual  injection  of  the  fault  can  occur  during 
any  operation  between  MixColumns  of  rounds  r  -  1  and  r.  Without  loss  of  generality  the 
fault  is  random  and  corrupts  byte  0,  Sq.  MixColumns  and  ShiftRows  propagate  this  fault, 
building  up  relations  within  the  columns  of  the  XOR  of  the  correct  and  faulty  ciphertext. 
Figure  2.13  shows  fault  propagation  in  AES-128  with  the  fault  injected  at  ^Sq.  Current 
versions  of  this  attack  fully  recover  the  key  with  2  faulty  ciphertexts  for  AES- 128,  2  for 
AES-192,  and  3  for  AES-256,  and  allow  fault  injection  up  to  the  third  to  last  round  while 
maintaining  a  reasonable  level  of  complexity  [16]. 


4  columns 
V  J 


Eigure  2.13:  DEA  on  the  State  Eault  Propagation  in  AES-128  [16]. 
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2,5.2  DFA  on  the  Key  Schedule. 

Fault  injection  occurs  on  the  round  key.  The  fault  then  propagates  throughout  the 
state  and  the  following  round  keys.  Without  loss  of  generality  the  fault  is  random  and 
corrupts  the  first  byte  of  the  key.  More  complex  relations  than  those  from  DFA  on 
the  State  build  up  from  the  XOR  of  the  correct  and  faulty  ciphertext.  Figure  2.14  shows 
specifically  how  the  fault  spreads  through  the  key  schedule  while  Figure  2.15  shows  fault 
propagation  through  the  state  and  key.  Current  versions  of  this  attack  fully  recover  the  key 
with  2  faulty  ciphertexts  for  AES-128,  4  or  6  for  AES-192,  and  4  for  AES-256,  and  allow 
fault  injection  up  to  the  third  to  last  round  [17]. 


Eigure  2.14:  DEA  on  the  Key  Schedule  Eault  Propagation  in  AES-128  [17]. 
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Figure  2.15:  DFA  on  the  Key  Sehedule  Fault  Propagation  in  AES-128  [17]. 


2.5.3  Round  Modification  Analysis. 

Round  Modifieation  Analysis  (RMA)  is  a  generalization  of  Round  Reduetion  Analysis 
(RRA),  which  induces  a  fault,  changing  the  number  of  AES  rounds  executed.  RRA  reduces 
the  number  of  rounds,  typically  to  one  or  two,  weakening  the  encryption  significantly. 
RMA  however  allows  for  the  possibility  of  increasing  the  rounds  of  AES,  resulting  in 
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faulty  ciphertexts.  Like  other  forms  of  fault  analysis,  these  ciphertexts  reduce  the  key 
range  possibilities,  making  brute  force  attacks  feasible  [4,  9]. 

2.5.4  DFA  on  the  Algorithm. 

Although  not  explicitly  defined  in  prior  work,  [4,  7,  24]  exploit  a  fault  induced  into 
an  algorithmic  component  such  as  the  S-box  or  rcon.  These  attacks  allow  unique  control 
and  in  some  cases  even  enable  known  plaintext  attacks.  These  often  require  explicit  control 
over  fault  values. 

2.5.5  DFA  Mitigation  Techniques. 

Because  DFA  relies  on  inducing  faults,  error  checking  schemes  mitigate  this  threat. 
Examples  include  recalculating  the  last  several  rounds  of  an  encryption  checking  for  a 
match,  and  timing  analysis  checking  operations  run  their  expected  time  [11,  16,  20,  23, 
29].  Because  these  are  an  extra  burden,  minimum  safeguards  protect  the  most  easily 
exploitable  last  rounds.  Thus,  research  pushes  successful  DFA  towards  more  complex  and 
computationally  expensive  fault  injections  in  earlier  rounds,  and  more  control  over  fault 
injection  location  and  value. 

2.6  Background  Summary 

AES  is  the  current  symmetric  key  cryptographic  standard.  As  such,  improving  and 
attacking  AES  are  continuous  areas  of  research.  One  potential  area  of  improvement  uses 
a  Dynamic  S-box  rather  than  the  current  fixed  S-box.  This  potentially  reduces  the  amount 
of  viable  precomputation  possible  in  brute  force  attacks,  adds  additional  complexity  to  the 
algorithm  and  increases  encryption  time.  One  current  attack  vector  on  AES  is  DFA.  These 
attacks  use  correctly  and  incorrectly  encrypted  ciphertexts  to  build  up  relations  that  allow 
key  recovery. 
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III.  Theoretical  Attack  Analysis 


This  chapter  discusses  research  design  decisions  and  explains  the  attack  extension. 
Section  3.1  defines  the  problem  and  outlines  the  approach.  Section  3.2.1  discusses  trade¬ 
offs  and  complexities  of  variant  AES  implementations,  then  explicitly  defines  the  target 
variant  in  Section  3.2.2.  A  discussion  of  necessary  assumptions  and  extensibility  of  DFA 
attacks  follows  in  Section  3.2.3.  Section  3.2.4  explains  the  existing  theoretical  analysis  of 
the  attack  source.  Finally,  Section  3.3  provides  theoretical  attack  extension  analysis. 

3.1  Problem  Definition 

3.1.1  Goals  and  Hypothesis. 

The  goal  of  this  research  is  to  determine  the  complexity  of  extending  DFA  to 
existing  dynamic  S-box  AES  designs.  This  research  expects  DFA  attacks  become  more 
complex  and  difficult  on  a  dynamic  S-box  AES  design  based  on  the  additional  complexity 
introduced.  This  research  expands  the  overall  security  analysis  of  a  dynamic  S-box  AES  to 
assess  its  practicality  and  usefulness  compared  to  the  standard  AES. 

3.1.2  Approach. 

This  research  employs  probabilistic  analysis  to  determine  the  keyspace  reduction 
power  of  non-trivial  DFA  attack  extensions  to  dynamic  S-box  AES  research  variants. 
Specifically  choosing  attack  targets  and  sources  guides  analysis  towards  interesting  and 
non-trivial  extensions.  These  extensions  use  the  concepts  of  existing  work,  while  providing 
novel  approaches  where  necessary. 


29 


3.2  Attack  Targets  and  Sources 
3.2.1  Potential  Attack  Targets. 

As  outlined  in  Section  2.3  the  four  possible  Dynamic  S-box  designs  are  Rotational, 
Chaotic,  Reduction,  and  Switch.  128  bit  key  length  implementations  are  the  base  case,  and, 
thus,  the  first  step  in  extension.  A  high-level  cursory  consequences  discussion  follows. 

•  Rotational.  Although  this  variant  adds  an  additional  operation,  the  AES  encryption 
algorithm  retains  much  of  its  structure.  The  S-box,  though  dynamic,  relies  on  the 
existing  AES  S-box,  with  256  total  permutations  each  round,  for  10  rounds,  a  total 
of  2^°  possibilities  from  a  simple  operation  on  the  existing  structures.  The  S-box 
rotation  appears  to  add  a  great  deal  of  complexity  with  little  additional  effort  or 
change  to  the  algorithm. 

•  Chaotic.  No  change  to  the  logical  flow  of  the  AES  algorithm  means  current  systems 
would  only  need  to  update  the  key  schedule  and  S-box.  However,  building  and 
storing  the  S-box  for  each  encryption  would  likely  limit  the  amount  of  optimization 
encryption  hardware  could  perform.  The  potential  increase  of  complexity  is  256!  « 
8.5  X  for  every  possible  S-box.  Each  key  creates  exactly  one  S-box,  limiting 
this  to  2^^*.  However,  construction  potentially  creates  any  S-box,  including  the 
cryptographically  broken.  Eor  example,  the  possibility  exists  that  a  key  creates  the 
identity  S-box. 

•  Reduction.  Within  finite  Galois  fields,  there  exist  only  a  certain  number  of 
irreducible  polynomials.  Only  30  exist  for  a  Galois  Eield  of  size  2*.  This  only 
introduces  a  complexity  of  about  2^,  which  is  a  trivial  work  factor. 

•  Switch.  Two  S-box  possibilities,  both  already  employed,  make  this  variation  similar 
to  AES  when  examined  by  necessary  components.  Updating  to  this  S-box  scheme 
would  require  the  least  work  and  would  allow  the  most  optimization.  However, 
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this  variation  also  provides  the  least  inereased  eomplexity  of  2.  This  inereased 
eomplexity  is  only  for  offline  attaeks  though,  beeause  by  sending  0  or  1  in  the  elear, 
Eve  knows  whieh  S-box  to  use,  so  there  is  no  inerease  in  eomplexity. 

From  this  exploration,  extending  to  the  ehaotie  design  would  require  signifieant  eomputing 
power  and  analysis  of  ehaotie  properties,  beeause  no  ehanges  oeeur  to  the  logieal  flow 
of  the  algorithm,  but  a  huge  pool  of  2^^^  possible  S-boxes  exist.  Reduetion  would  be  a 
trivial  extension  by  repeating  the  attaek  30  times  or  require  no  extra  work  if  the  irredueible 
polynomial  identifier  was  sent  ‘in  the  elear’  with  the  key,  and  switeh  would  be  no  more 
eomplex,  but  simply  require  implementation.  The  rotational  limit  of  256  S-box  options 
makes  the  work  faetor  reasonable  while  the  possibility  of  any  one  of  these  S-boxes  used 
eaeh  round  makes  for  interesting  eomplexity.  Thus  rotational  whieh  does  not  alter  the 
nature  of  the  algorithm  and  adds  eomplexity,  while  maintaining  a  feasible  work  faetor  is 
the  most  interesting  and  reasonable  option  to  attaek. 

3.2.2  Attack  Target  Implementation. 

As  diseussed  in  Seetion  2.3.1,  Rotational  S-box  AES  variants  add  an  additional  round 
operation,  SboxRotation.  Repeatedly  applying  this  operation  to  the  same  S-box,  rather  than 
to  the  standard  AES  S-box  eaeh  time,  makes  this  iterative.  Eogieally  in  programming,  SBR 
is  a  funetion  aeting  on  an  S-box  passed  by  referenee;  rotating  the  S-box  a  speeified  amount. 
Additionally,  this  variant  ereates  two  expanded  keys.  AK  uses  the  expanded  eneryption  key, 
while  SBR  uses  the  expanded  rotation  key.  Figure  3.1  illustrates  the  eneryption  proeess  as 
rounds  of  operations.  A  slightly  different  key  sehedule  ereates  these  two  expanded  keys. 
Two  key  sehedule  sehemes  exist. 

•  Key  Schedule  1.  The  S-box  rotates  by  the  XOR  of  all  the  bytes  of  the  eneryption 
key.  Performing  the  key  sehedule  as  in  normal  AES,  but  using  this  rotated  S-box  for 
Sub  Words,  ereates  an  expanded  key  whieh  is  both  the  expanded  eneryption  key,  K, 
and  the  expanded  rotation  key,  RK. 
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•  Key  Schedule  2.  Key  Schedule  1  creates  an  expanded  rotation  key,  RK.  The  once 
rotated  S-box  used  in  Key  Schedule  1  rotates  a  second  time  by  the  XOR  of  all  the 
bytes  of  the  expanded  rotation  key.  Performing  the  key  schedule  as  in  normal  AES, 
but  using  this  twice  rotated  S-box  for  SubWords,  creates  the  expanded  encryption 
key,  K. 


Plaintext 

Round  0 
Encryption  Key 

Round  i 
Rotation  Key 


Round  i 

Encryption  Key^ 

Round  10 
Rotation  Key 


Round  10 
Encryption  Key^ 

Ciphertext 


S-boxRotation 


SubBytes 

ShiftRows 


AddKey 


Round  0 


Rounds  1-9 


Round  10 


Figure  3.1:  Logical  RAES-128  Encryption. 


Two  reduction  schemes  exist  to  create  rotation  values  from  the  round  rotation  key.  This 
round  rotation  value  designates  by  how  much  the  S-box  rotates  in  the  associated  round  of 
encryption.  SBR  performs  this  rotation. 

•  Rotation  Reduction  1.  The  round  rotation  value  is  the  last  byte,  'RK15  in  the  round 
rotation  key. 
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•  Rotation  Reduction  2.  The  round  rotation  value  is  the  XOR  of  all  the  bytes  in  the 
round  rotation  key. 

Combinations  of  these  Key  Schedules  and  Rotation  Reductions  result  in  four 
proposed  Rotational  S-box  AES  (RAES)  implementations  labeled  Types  1  through  4. 
Higher  numbers  relate  to  increased  theoretical  security  due  to  complexity,  confusion  and 
computation  time.  Choice  of  key  schedule  is  the  primary  security  influence. 

•  RAES  Type  1.  Key  Schedule  1  and  Rotation  Reduction  1 

•  RAES  Type  2.  Key  Schedule  1  and  Rotation  Reduction  2 

•  RAES  Type  3.  Key  Schedule  2  and  Rotation  Reduction  1 

•  RAES  Type  4.  Key  Schedule  2  and  Rotation  Reduction  2 

Decryption  requires  one  extra  step  of  priming  the  inverse  S-box.  The  S-box  used  in 
round  10  of  encryption  is  the  standard  AES  S-box  rotated  1 1  or  12  times  depending  on  the 
Key  Schedule  used.  Rotating  the  inverse  S-box  by  these  same  values  correctly  orients  it 
for  decryption.  Once  correctly  initialized,  decryption  follows  as  expected  with  SBR“^  a 
rotation  of  inverse  S-box  to  the  right  by  the  round  rotation  value.  Eigure  3.2  illustrates  this 
process. 

Explicitly  establishing  the  mechanisms  of  these  implementations  required  several 
design  decisions  beyond  the  scope  of  [15,  22].  Appendix  A  justifies  these  decisions  and 
discusses  the  alternatives.  Appendix  B  provides  sample  encryptions  and  key  schedules  of 
all  4  Types  to  facilitate  validation  and  future  use  of  this  algorithm. 
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Figure  3.2:  Logical  RAES-128  Decryption. 


3.2.3  Potential  Attack  Sources. 

As  outlined  in  Section  2.5  the  four  possible  DFA  attacks  are:  DFA  on  the  State,  DFA 
on  the  Key  Schedule,  Round  Modification  Analysis,  and  DFA  on  the  Algorithm.  Using  a 
rotational  S-box  affects  each  uniquely.  A  high-level  consequences  discussion  follows. 

•  DFA  on  the  State.  This  requires  no  assumptions  about  the  value  of  the  fault  injected. 
Faults  only  propagate  through  the  state.  Rotating  the  S-box  does  not  affect  the 
location  of  the  propagation,  only  the  values.  Most  likely,  this  extension  could  largely 
use  existing  work. 

•  DFA  on  the  Key  Schedule.  This  requires  no  assumptions  about  the  value  of  the 
fault  injected.  Depending  on  RAES  Type  and  the  key  expansion  targeted,  potentially 
only  the  values  change,  not  location  of  faults.  The  altered  key  schedule  increases  the 
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complexity  and  analysis  required  for  this  attack,  though  most  likely  this  extension 
could  largely  use  existing  work. 

•  Round  Modification  Analysis.  This  requires  a  controllable  or  predictable  fault 
injection  value.  Leveraging  a  fault  injection  is  the  only  DFA  element  of  RMA.  Use 
of  a  Rotational  S-box  does  not  significantly  impact  methods  used  in  key  recovery 
when  altering  the  number  of  rounds.  These  methods  are  a  set  of  more  conventional 
cryptanalysis  approaches. 

•  DFA  on  the  Algorithm.  The  most  abstract  DFA  category  which  allows  many 
possibilities.  Many  creative  options  allow  powerful  attacks,  but  these  attacks  likely 
need  the  most  control  of  values  injected.  DFA  on  the  Algorithm  is  an  open-ended 
class  with  no  clear  implementations  to  imitate. 

From  this  analysis,  DFA  on  the  State  and  DFA  on  the  Key  Schedule  are  the  most 
logical  and  interesting  choices  in  identifying  a  non-trivial  extension  of  an  existing  attack. 
This  research  pursues  DFA  on  the  State  for  the  slightly  less  expected  complexity.  Extending 
to  DFA  on  the  State  likely  allows  use  of  existing  attack  properties  and  analysis,  while  still 
requiring  creative  workarounds  to  the  added  complexity. 

3.2.4  Attack  Source  Implementation. 

Extending  DEA  on  the  State  to  RAES  requires  understanding  of  the  existing  attack. 
The  theoretical  analysis  detailed  in  [28]  examines  probabilities  that  certian  conditions  hold 
to  determine  the  attack’s  keyspace  reduction  power.  What  follows  is  a  synopsis  of  this 
analysis. 

Eve  obtains  a  correct  encryption  E  of  plaintext  P,  using  key,  K.  She  then  leverages 
attack  capabilities  to  inject  a  fault  at  *Sq,  obtaining  a  faulty  encryption  E  of  plaintext  P, 
using  key  K.  The  single  byte  fault  propagates  to  corrupt  the  entire  ciphertext.  S  and  C 
represent  the  faulty  state  and  ciphertext.  Eigure  3.3  represents  the  XOR  of  the  last  three 
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rounds  of  E  and  E.  AS  and  AC  represent  the  state  and  ciphertext  respectively.  Assigning 
the  difference  between  E  and  E  at  the  fault  injection  site  ^ASq  to  the  variable  ‘a’,  relations 
build  up  around  this  XOR  difference.  A  walkthrough  of  fault  propagation  through  each 
operation  follows. 
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Eigure  3.3:  XOR  of  Correct  and  Eaulty  AES-128  Encryption,  Rounds  8-10. 


•  MC.  Eigure  3.4  highlights  the  transition  between  ^AS^  and  ^AS^.  Eigure  3.5  shows 
the  underlying  math.  Because  multiplication  distributes  over  addition  in  GE(2^), 

MC(^S2)  ©  MC(^S^)  =  MC(^S^  ©  ^S^)  =  MC(^AS2). 
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Figure  3.4:  XOR  of  Correct  and  Faulty  AES- 128  MC  Operation. 
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Figure  3.5:  XOR  MC  Walkthrough. 


•  AK.  Figure  3.6  highlights  the  transition  between  *AS^  and  ^AS"^.  Because  the  fault 
injection  does  not  corrupt  the  key  schedule,  the  expanded  key  is  the  same  for  both 
E  and  E.  Thus,  as  shown  in  Eigure  3.6,  every  byte  of  ^AK  is  0.  Because  XOR,  or 
addition  in  GE(2^)  is  commutative,  the  order  of  performing  this  XOR  does  not  matter, 
and  so  ^AS"^  =  AK(^AS^)  =  ^AS^  ©  ^AK  =  ^AS^.  The  equations  below  demonstrates 
this  relationship. 

^AS^  =  ©  ^Ko)  ©  ©  ^Ko) 

=  ©  (^Ko  ©  ^Ko) 

=  ('S'  ©  ^S^)  ©  (0) 

=  'AS^ 
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Figure  3.6:  XOR  of  Correct  and  Faulty  AES- 128  AK  Operation. 


•  SB.  ^AS^  =  SB(^S°)  ©  SB(^S°).  Distributing  SB  over  XOR  is  not  possible. 

SB(OO)  ©  SB(Ol)  =  63  ©  7C  =  IF 
SB(00©01)  =  SB(Ol)  =  7C  ^  IF 
SB(02)  ©  SB(03)  =  77  ©  7B  =  OC  ^  IF 

This  prohibits  further  reductions,  thus  relations  from  ^AS°  cannot  move  forward  into 
^AS^  Figure  3.7  highlights  this. 
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Figure  3.7:  XOR  of  Correct  and  Faulty  AES- 128  SB  Operation. 


•  SR.  No  manipulation  of  byte  values  occur  in  this  step,  thus  the  XOR  values  remain 
unchanged,  but  move  byte  position  as  dictated  by  the  SR  operation.  Eigure  3.8  shows 
this. 
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Figure  3.8:  XOR  of  Correct  and  Faulty  AES-128  SR  Operation. 


Clearly  defined  fault  propagation  allows  discussion  of  the  analysis  to  move  forward. 
As  the  attacker,  Eve  only  has  C  and  C,  and  thus  AC.  Knowing  AK  has  no  effect  on  AS 
values,  ^°AS^  =  AC.  Again,  SR  does  not  affect  AS  values,  and  so  ^°AS^  =  SR“^(AC).  Thus 
with  C  and  C,  Eve  also  knows  ^°AS^  This  attack  exploits  the  known  relations  that  exist  in 
'°AS°,  and  the  possible  that  enable  ^°AS^  to  step  back  and  satisfy  these  relations.  The 
set  of  DEE  to  represent  this  for  ^'^AS^q  follow. 

2b  =  SB-'(C  0  ©  o)  ©  SB^'CC  o  ©  ^°K  o)  (3.1) 

b  =  SB-\C  7  ©  7)  ©  SB~\C  7  ©  ^°K  7) 

b  =  SB-^Cio  ©  ^%o)  ©  SB”i(Cio  ©  ^°Kio) 

3b  =  SB-'(Ci3  ©  '°Ki3)  ©  SB-'(Ci3  ©  '°Ki3) 

Since  b  can  be  any  value  a  byte  can  hold,  except  0,  b  is  in  {1,  2, ...,  255}.  Were  b  zero, 
fault  injection  failed,  and  thus  C  =  C,  so  there  is  nothing  to  exploit.  Examining  the  first 
equation  of  the  set,  regardless  of  what  values  Co  and  Co  hold,  of  the  255  possible  values  of 
2b,  128  yield  0  ^°Ko  key  hypothesis  which  satisfy  Equation  3.1,  126  yield  2  and  1  yields  4. 
Iterating  over  all  possible  values  of  Co,  Cq  and  ^°Ko  reveal  this.  Thus,  on  average  for  any 
one  particular  value  of  2b,  there  exists  (2  x  126  -l-  4)/255  =  256/255  just  over  1  valid  ^°Ko 
hypothesis.  Considering  all  255  possible  values  of  2b  yields  an  expected  255  x  =  256 
'°Ko  hypotheses.  This  result  is  not  a  reduction  yet  since  ^°Ko  is  one  byte  which  can  hold 
one  of  2^  =  256  values.  The  same  holds  for  each  of  the  four  equations  in  the  set. 
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Now  considering  all  four  equations  at  once,  for  a  given  value  of  b,  each  equation  on 
average  should  return  about  one  value.  These  four  values  form  a  quartet  of  key  bytes 
^°^i3}  which  is  one  hypothesis.  Considering  all  255  b  values  should 
create  256  of  these  quartets.  This  column  analysis  reduces  the  key  space  of  these  four  bytes 
from  (2*)"^  to  2^. 

A  set  of  equations  like  those  seen  above  exist  for  each  of  the  four  columns  of  ^°ASo, 
thus  each  of  these  reduce  similarly.  Each  column  is  independent,  making  no  further 
relations  possible  from  these  relationships  in  round  10.  So,  the  original  keyspace  of 
2'^^  =  ((2^)"^)^  reduces  to  (2^)^  =  2^^  when  considering  all  combinations  of  these  quartets. 
Equivalently,  these  sets  of  equations  have  a  keyspace  reduction  power  of  2“^^. 

This  analysis  and  process  is  the  essence  of  the  DEA  attack.  Reductions  based  on 
properties  that  must  hold  over  the  SB  operation  on  the  XOR  of  a  correct  and  faulty 
ciphertext.  Stepping  back  to  round  9  produces  a  similar  reduction,  and  building  relations 
over  further  reduces  the  keyspace  to  2^.  However,  leveraging  round  9  information 
requires  a  much  greater  amount  of  work  for  a  much  smaller  reduction.  Eully  reducing  the 
keyspace  to  1  requires  additional  C,  C  pairs.  This  produces  two  independently  reduced 
keyspaces  of  2^^.  The  intersection  of  these  keyspaces  yields  one  unified  reduced 
keyspace.  Keys  should  randomly  appear  in  both  with  likelihood  2^^  x  ^  Thus 

only  the  valid  should  remain.  Once  recovered,  as  discussed  in  Section  2.2.5  reversal 
of  the  key  schedule  reveals  the  original  encryption  key.  The  round  10  reduction  has  a  work 
factor  of  (2*)  x  16  =  2^^  since  stepping  each  byte  back  occurs  individually  and  has 
a  keyspace  reduction  power  of  2“^^.  However  the  round  9  reduction  has  a  work  factor 
of  2^^  since  stepping  back  through  to  requires  calculating  which  relies  on  ^°K. 
Individually  checking  all  2^^  possible  keys  has  a  reduction  power  of  2“^^.  If  Eve  can  only 
obtain  one  C,  C  pair  and  she  knew  the  format  of  the  unencrypted  data,  she  could  reasonably 
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perform  this  round  9  reduction  and  decrypt  C  with  each  of  the  256  possible  keys  to  see  if 
any  of  the  resulting  plaintexts  conform  to  the  expected  data  format. 

3.3  Attack  Analysis 

A  rough  estimate  of  the  memory  necessary  to  calculate  the  S-box  relations  used  in  the 
attack  described  in  Section  3.2.2  is  (possible  C,)x(possible  C,)x(possible  ^°K;)x(storage 
cost).  Each  calculation  needs  to  store  4  bytes,  C',  C',  and  b.  Thus  roughly 

256  X  256  X  256  X  4  =  2^^  bytes,  or  roughly  0.067  GB.  When  pushing  this  analysis  to 
the  Rotational  S-box,  storage  costs  roughly  become  (possible  round  10  S-box  rotation 
values)x(possible  C;)x(possible  C;)x(possible  ^°K,)x(storage  cost).  Each  calculation 
needs  to  store  5  bytes,  rio,  C,-,  C,-,  and  b.  Thus  roughly  256x256x256x256x5  « 
bytes,  or  approximately  21.5  GB.  While  this  may  not  be  a  burden  for  supercomputers  or 
specialized  workstations,  it  is  beyond  the  processing  power  of  most  personal  workstations. 
As  such,  extension  requires  a  different  analysis  approach.  The  existing  fault  propagation 
model  holds,  but  reduction  requires  knowing  the  S-box  used  in  round  10. 

3.3.1  Rotation  Step  Analysis. 

Examining  the  SBR  operation,  Eigure  3.9  shows  the  standard,  unrotated  S-box,  S- 
boX().  Eooking  up  0x02:  S-boxo(Ox02)  =  0x77.  Rotating  S-boxo  by  one  results  in  S-boxi, 
SBR(1,  S-boxo)  =  S-boxi,  Eigure  3.10  displays  this  new  rotated  S-box.  Again  looking 
up  0x02:  S-boxi(0x02)  =  0x7b.  Eooking  up  0x03  in  S-boxo  achieves  this  same  result. 
Rotating  S-boxi  by  one  results  in  S-box2,  SBR(1,  S-boxi)  =  S-box2.  Eigure  3.11  visualizes 
this  twice  rotated  S-box.  Eooking  up  0x02  again:  S-box2(0x02)  =  0xf2. 
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Figure  3.9:  RAES  S-boxo 
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Figure  3.10:  RAES  S-boxi. 
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Figure  3.11:  RAES  S-box2. 
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Again,  looking  up  0x04  S-boxo  produces  the  same  output.  Just  one  rotation  of  S-boxo 
by  2,  SBR(2,  S-boxo)  also  eomputes  S-box2.  In  faet,  any  number  of  rotations  reduee  to  just 
one  rotation  of  S-boxo: 

SBR(r„,  SBR(---  ,  SBR(ri,  SBR(ro,  S-boxo))  •••))  =  SBR((ro+ri  +  - •  •+r„)%256,  S-boxo). 

Addition  here  is  over  the  integers,  not  GF(2^)  and  although  the  mod256  is  not  neeessary, 
it  is  still  eorreet.  Rotating  S-boxo  by  256  rotates  the  S-box  all  the  way  around  baek  to  its 
starting  position.  Considering  rotation  an  adjustment  of  lookup  indieies  further  simplifies 
the  S-box  rotation.  This  researeh  denotes  addition  over  the  integers  mod256  with  ffl.  As 
previously  noted,  looking  up  0x02  in  S-boxi  is  also  0x03  in  S-boxo.  Adjusting  the  lookup 
index  of  0x02  by  an  inerease  of  1  has  the  same  effeet  of  rotation.  This  adjustment  is  exaetly 
0x02  ffl  0x01  sinee  the  lookup  indieies  are  the  ineoming  byte  nibbles.  Again,  looking  up 
0x02  in  S-box2  is  also  0x04  in  S-boxo.  Adjusting  the  lookup  index  by  an  inerease  of  2 
produees  this  same  effeet.  This  adjustment  is  exaetly  0x02  ffl  0x02.  In  faet,  this  property 
holds  for  all  possible  rotation  values.  Similarly,  this  manipulation  holds  over  the  inverse 
SBR“^  as  well. 

The  Rotational  S-box  implementations  use  iterative  S-box  rotations,  'r  represents  the 
rotation  value  for  a  partieular  round  as  ealeulated  from  the  expanded  rotation  key.  The 
key  sehedule  rotates  by  “^r  and  if  neeessary  (Type  3  and  Type  4)  ~^r.  Then  round  0  of 
eneryption  uses  S-boX[-2ra]-ir.  Sinee  round  0  does  not  apply  SBR,  this  value  is  °R,  the  total 
iterative  rotation  value  of  the  S-box  in  round  0.  Advaneing  to  round  1,  the  S-box  rotates  by 
'r,  and  'R  =  °R  ffl  ^r.  Thus  S-box  lookups  in  round  1  ean  follow  the  form  SB(byte  ffl  ^R) 
using  S-boxo.  Repeating  this  proeess  out  through  round  10,  ^°R  =  ^R  ffl  ^‘^r  =  ~^r  ffl  “^r  ffl 
'r  ffl  •  •  •  ffl  ^°r,  and  S-boxo  lookups  follow  the  form  SB(byte  ffl  ^°R).  Thus,  (ffl  'R)  replaeing 
every  instanee  of  SBR  ereates  an  equivalent  algorithm. 
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3.3.2  Mapping  Rotate  to  an  Operation  in  GF(2^). 

Figure  3.12  shows  an  alternative  view  of  the  fault  propagation  model  using  this 
additive  definition  of  S-box  rotation.  With  S-box  rotation  now  defined  as  addition  mod 
256,  leveraging  the  existing  attack  relations  might  now  be  possible. 

ffl  ffl  ^°R) 

Assuming  ffl  distributes  over  addition  (©)  in  GF(2^),  then  ^°ASq  =  ^°R  ffl  = 

'°Rffl  2b.  Similarly,  i°AS{  =  ffl  '‘’R)  ©  ffl  ^^R)  =  (i°S°  ©  ^°S°)  = 

b.  Now  assuming  ffl  distributes  over  multiplication  in  GF(2^),  then  ^°ASq  =  2('°Rffl  b) 
and  ^^AS^  =  (^°Rffl  b).  Letting  (^°Rffl  b)  =  v,  the  final  result  is  ^°ASq  =  2v,  ^^AS^  =  v. 
This  result  restores  the  original  ^‘^AS'  column  relations  regardless  of  ^‘^R,  requiring  no 
new  attack  analysis  to  match  the  reductions  established  in  the  existing  attack  by  using 
S-boxo.  However,  this  conclusion  requires  proving  the  assumptions  that  ffl  distributes  over 
both  addition  and  multiplication  in  GF(2^).  Testing  these  assumptions  with  discrete  values 
shows  ffl  does  not  distribute  over  either  addition  or  multiplication  in  GF(2^),  so  the  initial 
fault  propagation  remains  unexploitable. 

1  ffl  (2  X  3)  =  1  ffl  (6)  =  7  ^  12  =  3  X  4  =  (1  ffl  2)  X  (1  ffl  3) 

1  ffl  (2  ©  3)  =  1  ffl  (1)  =  2  ^  7  =  3  ©  4  =  (1  ffl  2)  ©  (1  ffl  3) 

3.3.3  Alternate  Attack  Analysis  on  Standard  AES. 

Since  analysis  of  SBR  as  ffl  is  not  sufficient  to  extend  the  attack,  an  analysis  of  the 
existing  attack  described  in  3.2.2  with  a  slightly  different  way  of  thinking  follows.  This 
analysis  removes  the  need  for  full  inspection  of  all  S-box,  properties.  Figure  3.13  shows 
^°AS  of  the  standard  AES  attack  for  reference. 
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Round  10  Round  10  Round  9  Round  8 


Figure  3.12:  XOR  of  Correct  and  Faulty  RAES-128  Encryption,  Rounds  8-10. 


i°AK 


Eigure  3.13:  XOR  of  Correct  and  Eaulty  AES-128  Encryption,  Round  10. 
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Examining  which  is  known,  127  values  are  possible  out  of  255,  this  set  of 
values  is  {^°ASq}.  Thus,  the  likelihood  of  a  random  value  in  {1,255}  being  in  {^°ASp}  is 
This  likelihood  is  also  true  for  ^^AS^,  ^^ASg,  and  ^°ASj2-  So,  for  a  given  2b  e  {^°ASq},  the 
probability  of  2b  6  {i°ASi},  b  6  {i°AS{},  b  e  {i°AS^},  and  3b  6  {^°ASj2}  is  1  x  x  x 
Since  there  are  127  2b  e  {^°ASq},  the  number  of  2b  expected  to  satisfy  the  above  relation 
and  be  in  each  set  is  127  x  (^)^. 

The  256  possible  ^°Ko  key  byte  values  step  back  to  127  2b  values.  So,  each  valid  2b 
value  averages  to  an  expected  Iff  keyspace  for  that  byte.  Thus,  the  average  keyspace  for  a 
valid  2b,  b,  b,  3b  column  is  (||f 

Combining  the  number  of  valid  2b  columns  with  the  keyspace  for  each  valid  2b 
column  results  in  the  total  average  keyspace  of  a  column: 


127 


256, 


,127, 


(127  X  ( - Y)  X  ( - r  =  ( - )  X 


'255 


127 


127^ 


256^ 


256^ 


The  expected  keyspace  per  valid  2b  and  the  expected  number  of  valid  2b  have  no  influence 
on  this  reduction.  Since  columns  are  independent,  applying  the  same  relation  to  each  of  the 
four  columns  creates  a  total  reduction  of:  ~ 

3.3.4  General  Extension. 

The  above  reworking  of  the  existing  attack  on  standard  AES  revealed  the  average 
reduction  across  the  S-box  is  independent  of  the  number  of  resulting  valid  2b  or  the 
expected  keyspace  per  valid  2b  because  these  values  cancel.  Thus,  no  analysis  needs  to 
be  done  around  the  Rotational  S-box.  The  averages  smooth  out  all  inconsistencies  and 
discrete  numbers.  Therefore,  regardless  of  the  S-box  used,  the  average  resulting  keyspace 
is  about  Since,  in  round  10,  can  be  any  value  in  (0,  1,  ...,  255),  256  of 

these  2^^  °^’^  keyspaces  exist.  The  total  keyspace  remaining  after  stepping  back  to  is 
approximately  2^^  °^^^  x  2^  = 

The  existing  attack  reduces  in  round  9  by  stepping  back  each  possible  remaining  ^°K. 
This  extension  has  an  increased  work  factor  based  on  the  larger  2"^°  *^^’^  remaining  keyspace. 
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Additionally,  stepping  back  to  requires  use  of  SubWord.  However,  because  the 
expanded  encryption  key  uses  a  rotated  S-box,  each  possible  keys  steps  back  2^ 

ways  for  each  possible  S-box  rotation,  further  increasing  the  work  factor  to  Since 

extending  an  attack  is  the  goal  of  this  research,  and  the  round  10  analysis  contains  the 
essence  of  this  DFA  on  the  State  attack  while  maintaining  a  much  higher  power  to  speed 
ratio,  this  research  only  extends  the  round  10  portion  of  this  attack. 

Access  to  a  second  cipher  pair  allows  an  independent  reduction  to  an  alternate  reduced 
key  space  of  approximately  2"^°°^^^.  Intersecting  these  key  spaces  creates  the  remaining 
valid  keyspace.  Assuming  the  incorrect  keys  in  each  reduced  keyspace  are  random, 
240.0677  y  «  2“"^’-*^"^^  keys  remain.  Thus,  only  the  valid  Kio  key  should  remain. 

Recovery  of  the  encryption  key  Kq  still  requires  reversal  of  the  key  schedule. 

3.3.5  Reversing  the  Key  Schedule. 

The  previous  section  provides  the  theoretical  keyspace  reduction  power  of  the  attack 
extension  regardless  of  Rotational  S-box  Type  implementation.  The  analysis  shows  that 
full  recovery  of  is  possible.  With  standard  AES,  recovery  of  concludes  the  attack 
because  the  key  schedule  is  fully  reversible.  Following  is  an  analysis  of  reversing  the  key 
schedule  for  all  RAES  Types. 

Knowing  the  S-box  in  standard  AES  makes  reversal  of  the  key  schedule  possible.  The 
RAES  encryption  key  schedule  uses  S-box-iR,  which  is  unknown.  However,  this  S-box  is 
one  of  only  256  possibilities,  meaning  there  are  256  potential  encryption  keys.  Reversing 
to  each  of  these  is  trivial. 

•  Key  Schedule  1.  For  key  schedule  1,  “^R  =  “^r  is  the  XOR  of  all  encryption  key 
bytes.  Reversal  of  the  expanded  encryption  key  with  a  particular  “^r  reveals  the  first 
16  bytes,  ‘’K,  the  encryption  key.  Checking  that  the  XOR  of  these  bytes  matches 
the  “^r  value  used  to  reverse  each  particular  expanded  key  reduces  the  possible  “^r 
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values.  Since  one  is  valid  out  of  256,  and  256  options  are  checked,  should 
reduce  to  one  possibility. 

•  Key  Schedule  2.  In  key  schedule  2,  ~^r  is  the  XOR  of  all  encryption  key  bytes  °K 
and  °K  =  °RK.  Expanding  this  out  to  the  expanded  rotation  key  allows  computation 
of  “^r.  Checking  this  “^R  against  the  value  used  to  reverse  the  encryption  key,  like  in 
the  key  schedule  1  analysis  above,  should  reduce  to  one  possibility.  Thus  the  same 
reduction  power  is  possible,  requiring  an  extra  step  of  key  expansion. 

If  more  than  one  °K  remain  after  this  “'R  check,  two  more  reduction  checks  are 
possible.  First,  rebuilding  the  expanded  rotation  key  and  calculating  is  associated  ^°R  value 
enables  a  check  that  this  matches  the  ^°R  used  to  create  ^°K.  If  multiple  possibilities  still 
remain,  checking  ^AS°  relations  provide  a  final  reduction.  Using  round  9  relations  is  not 
an  unreasonable  work  factor  like  a  full  round  9  reduction  because  this  instance  only  steps 
back  one  and  few  possible  ^R  should  remain  after  the  two  prior  reductions. 

3.4  Theoretical  Attack  Summary 

Overall,  this  attack  extension  is  slightly  less  powerful,  and  less  flexible  to  Eve’s 
resources  and  constraints.  With  only  one  cipher  pair,  the  extended  attack  is  much 
less  powerful,  effectively  only  able  to  reduce  the  keyspace  to  with  a  reasonable 

work  factor,  where  the  existing  attack  could  reduce  the  keyspace  to  2^  with  reasonable 
computational  effort.  However,  if  Eve  has  access  to,  or  the  capability  to  create  two  or 
more  cipher  pairs,  the  attacks  effectively  have  the  same  expected  reduction  power  of  full 
keyspace  recovery. 
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IV.  Methodology 


This  chapter  details  the  experimental  methodology  for  verifying  the  theoretical  results 
of  Chapter  3.  First,  Section  4.1  discusses  the  approach  and  expected  results.  Sections 
4.2  through  4.7  define  the  experimental  environment  including  boundaries,  workload  and 
metrics.  Finally,  Sections  4.8  and  4.9  explain  the  experimental  implementation. 

4.1  Problem  Definition 

4.1.1  Goals  and  Hypothesis. 

The  goal  of  this  research  is  to  verify  the  theoretical  analysis  in  Section  3.3.4  and 
determine  the  actual  attack  power  of  DFA  on  the  State  on  standard  AES  and  research 
driven  rotational  S-box  AES  designs.  This  analysis  expects  DEA  on  the  State  of  standard 
AES  using  one  cipher  pair  reduction  to  produce  an  average  keyspace  of  approximately 
232.0677^  while  expecting  all  RAES  Types  to  yield  This  research  expands  the  overall 

security  analysis  of  a  dynamic  S-box  AES  to  assess  its  practicality  and  usefulness  compared 
to  standard  AES  and  validates  the  existing  theoretical  DEA  work  on  AES-128  [28]. 

4.1.2  Approach. 

This  research  attacks  both  the  standard  AES- 128  implementation  with  the  existing 
attack  as  described  in  Section  3.2.4  as  a  baseline  and  the  four  Rotational  S-box  AES- 
128  implementations  as  defined  in  Section  3.2.2  with  the  extended  attack  as  described  in 
Section  3.3.4.  Specifically,  focusing  on  keyspace  reductions  and  reductions  of  valid 
'°R  allows  verification  of  the  theoretical  analysis  performed,  and  enables  the  analysis  of 
discrete  reductions,  not  just  expected  averages.  This  discrete  data  sheds  further  light  on  the 
underlying  mechanics  at  work. 


49 


4.2  System  Boundaries 

The  System  Under  Test  (SUT)  is  the  Cryptanalysis  System.  Because  the  focus  is 
several  cryptanalysis  techniques  on  different  AES  algorithms  with  the  goal  of  key  recovery, 
the  Component  Under  Test  (CUT)  is  the  Solver.  The  Solver  solves  the  constructed  DEE 
by  checking  that  the  ^°AS°  relations  hold.  Other  components  of  the  system  are  the 
cryptanalysis  attack,  the  AES  algorithm,  the  S-box,  and  the  encryption  environment.  This 
study  limits  the  scope  of  these.  The  encryption  algorithm  is  scoped  to  only  AES- 128 
variants,  specifically  AES-128  and  RAES-128  Types  1-4.  Additionally,  DEA  attacks  on  the 
State  are  the  only  cryptanalysis  attacks  considered.  Easily,  the  encryption  environment  is 
restricted  to  software,  rather  than  hardware,  to  more  easily  facilitate  fault  injection.  Eigure 
4.1  depicts  the  system  boundaries. 
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Eigure  4.1:  System  Boundaries. 
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4.3  System  Services 

The  Cryptanalysis  System  provides  a  key  recovery  service.  The  possible  outcomes 
are:  (1)  full  recovery  of  the  encryption  key,  (2)  reducing  the  keyspace  to  an  unsecure  size 
such  that  an  exhaustive  search  is  feasible  in  one  hour  on  a  personal  workstation  using  an 
Intel  iV  CPU  with  8  GB  of  memory,  (3)  reducing  the  possible  keyspace  but  exhaustive 
search  remains  computationally  infeasible  in  one  hour  on  a  personal  workstation  using  an 
Intel  iV  CPU  with  8  GB  of  memory,  or  (4)  discovering  no  information  and  the  keyspace 
remains  unaffected.  This  study  focuses  on  outcome  (1)  as  this  is  the  only  theoretical  result 
of  the  attacks  considered. 

4.4  Workload 

The  workload  submitted  to  the  system  is  a  correct  ciphertext  and  several  corresponding 
fault  injected  ciphertexts.  These  pairs  are  what  the  DFA  specifically  exploits.  Workload 
parameters  also  include  the  fault  injection  timing  and  location  data  and  the  AES 
implementation  as  a  successful  DFA  on  the  State  attack  requires  this  knowledge.  This 
study  limits  the  fault  injection  timing  and  location  to  ^Sq.  The  plaintext  and  key  sent  to 
the  encryption  algorithm  should  not  change  attack  complexity,  thus  they  are  not  workload 
parameters,  but  instead  randomly  generated. 

4.5  Performance  Metrics 

Attack  efficacy  dictates  system  performance.  The  number  of  faulty  ciphertexts 
required  for  full  key  recovery  most  significantly  captures  efficacy.  Reductions  at  each  stage 
of  the  solving  process  more  precisely  capture  this  performance  and  allows  comparison 
to  the  theoretical  power  calculated.  Lastly,  timing  metrics  roughly  gauge  work  factors. 
However,  since  computation  time  is  not  the  main  focus  and  not  of  critical  importance, 
minimal  measures  control  the  testing  environment.  Overall,  these  metrics  provide  a  total 
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picture  of  DFA  attack  power  on  standard  AES- 128  and  the  four  Rotational  S-box  AES- 128 
implementations . 

4.6  System  Parameters 

The  system  parameters  are  the  attack  implementation,  computational  resources,  access 
to  the  encryption  machine,  encryption  environment,  and  any  other  available  information 
that  might  help  the  attack.  Because  this  study  limits  its  scope  to  DEA  on  the  State  attacks 
and  each  depends  on  fault  placement  and  AES  implementation,  these  workload  parameters 
directly  dictate  the  attack  implementation.  Computational  resources  are  important  because 
they  alter  the  time  required  to  perform  the  attacks  and  put  limits  on  the  amount  of 
computation  possible  through  memory  limitations.  If  this  system  used  a  fully  realized 
attack,  access  to  the  encryption  machine  would  be  an  important  factor  in  choosing  the 
physical  attack  vector  used  to  induce  the  faults.  Because  DEA  attacks  rely  on  inducing 
faults  through  physical  phenomena,  the  encryption  hardware  used  affects  the  practicality 
of  an  attack.  The  examined  attacks  require  introduction  of  faults  to  specific  positions  of 
the  algorithm  at  specific  times,  and  exploitable  hardware  is  necessary.  However,  because 
the  encryption  environment  here  is  in  software  which  also  simulates  faults  (inducing  them 
intentionally  through  code  as  part  of  the  encryption  algorithm  rather  than  through  actual 
physical  processes  on  the  encryption  hardware)  an  exploitable  encryption  environment  is 
not  a  concern  for  this  research.  Any  prior  knowledge  of  the  encryption  system  beyond  the 
encryption  algorithm  provides  information  that  may  reduce  the  possible  keyspace. 

4.7  Factors 

The  only  factor  of  this  study  is  attack  implementation  which  has  five  levels  relating 
the  standard  AES  and  the  four  Rotational  S-box  AES  Type  implementations.  This  study 
fixes  all  other  parameters  to  one  value.  To  reiterate  these  values,  Eigure  4.2  displays  each 
significant  parameter. 
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4.8  Evaluation  Technique 

Evaluation  occurs  in  multiple  reduction  steps.  Simulations  artifieially  injeet  faults 
at  arbitrary  positions  and  times  of  the  eneryption  algorithm  without  the  overhead 
of  speeialized  hardware  that  true  implementation  and  measurement  would  require. 
Additionally,  simulations  produee  aetual  data  whieh  provides  a  diserete  and  quantified  set 
of  data  to  analyze,  something  missing  in  a  purely  analytie  teehnique.  This  experimentation 
produeed  a  simulated  environment,  (R)AES-DFA  vl.O,  in  Python  2.7.3.  Appendix  A  eovers 
the  steps  taken  to  validate  this  software’s  funetionality. 
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Figure  4.2:  Faetors  and  Fevels. 


The  simulation  runs  a  given  variant  of  AES  for  eaeh  plaintext  and  key  pair  given;  first 
running  eorreetly  and  then  injeeting  a  random  fault  at  the  speeified  position  and  timing 
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within  the  algorithm.  The  solver  reduees  the  keyspaee  as  mueh  as  possible  from  this 
eipher  pair  as  deseribed  in  Seetion  3.3  using  round  10  reduetions.  Reduetions  eontinues 
with  additional  faulty  eiphertexts  until  full  key  reeovery.  Validation  that  the  attaek  was 
sueeessful  oeeurs  by  eheeking  the  reeovered  key  and  plaintext  values  with  the  aetual  input 
data. 

The  attaek  implementation  treats  eaeh  potential  as  part  of  the  redueed 

keyspaee.  This  pairing  eounts  two  identieal  reeovered  with  different  ^°R  as  separate 
valid  keys.  Pilot  studies  of  the  attaek  implementation  revealed  that  round  10  reduetions 
eould  only  ever  reduee  the  keyspaee  to  2  regardless  of  the  number  of  eipher  pairs  used. 
Investigation  revealed  one  with  two  ^‘^R  values  always  made  this  keyspaee  of  two, 
not  two  eaeh  with  one  ^‘^R.  Several  stages  eapture  all  keyspaee  reduetions.  First, 
eipher  pairs  reduee  the  keyspaee  to  two.  Then  key  sehedule  reduetions  oeeur  to  reduee 
the  keyspaee  to  one  and  eorreetly  reverse  to  the  eneryption  key  °K.  Notable  data  for 
analysis  eaptured  at  eaeh  stage  ineludes  the  size  of  the  remaining  keyspaee,  the  valid  ^°R 
values,  and  eomputation  time.  Capturing  additional  verifieation  and  replieation  data  make 
this  experimentation  fully  repeatable.  This  data  ineludes  the  plaintext  and  key  used,  the 
resulting  eiphertext,  and  the  XOR  fault  used  eaeh  time  for  a  new  faulty  eiphertext.  The 
eaptured  information  provides  a  robust  data  set  from  whieh  future  work  ean  replieate  this 
work  to  validate,  eorreet,  or  improve  upon  the  algorithms,  data  eolleeted,  and  following 
analysis. 

4.9  Experimental  Design 

With  only  one  faetor,  this  experiment  is  trivially  a  full-faetorial  experimental  design  of 
the  simulated  attaek  deseribed  in  Seetion  4.8  requiring  the  following  number  of  iterations: 
(#  sueeessful  attaeks  developed  +  #  existing  eomparable  attaeks)x(#repetitions).  Setting 
the  number  of  repetitions  to  2,500  results  in  (4  +  1)  x  2, 500  =  12, 500  iterations.  Although 
eneryption  is  deterministie,  this  experiment  only  uses  one  elass  of  keys  and  plaintexts,  that 
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is,  completely  random.  As  such,  each  repetition  uses  a  random  key  and  plaintext,  thus 
changing  the  resultant  ciphertext.  The  simulation  does  nothing  to  standardize  the  faults 
injected  across  attack  implementations  for  each  repetition.  The  large  number  of  repetitions 
follow  from  the  extreme  magnitude  of  the  population  and  the  small  time  cost  of  additional 
operations  discovered  in  pilot  studies.  A  minimum  of  (2^^*  plaintexts)  x  (2^^^  keys)  x 
(256  fault  1  values)  x  (255  fault  2  values)  «  2^^^  attack  vectors  exist  for  any  given  attack 
implementation.  Thus,  even  a  sample  of  2500  is  only  roughly  of  the  possible  attack 

vectors.  Analysis  uses  a  95%  confidence  level. 

4.10  Methodology  Summary 

The  goal  of  this  study  is  to  determine  the  security  of  a  dynamic  S-box  AES  design  by 
attacking  AES-128  and  RAES-128  implementations  with  simulated  DEA.  The  SUT  is  the 
Cryptanalysis  System,  which  reduces  the  entropy  of  the  encryption  key.  The  CUT  is  the 
Solver  of  DEE  and  recovers  the  encryption  key.  The  factor  tested  is  attack  implementation. 
Simulated  attacks  provide  more  meaningful  data  for  analysis  while  remaining  cheap  and 
easy  to  implement.  This  data  allows  verification  of  the  theoretical  analysis  in  Section  3.3. 


55 


V.  Analysis  of  Experimental  Attack  Results 


This  chapter  analyzes  the  experimental  data  captured  as  described  in  Section  4.8.  The 
focus  of  this  chapter  is  validation  of  the  theoretical  average  keyspace  reduction  after  1 
pair  of  ciphertexts  leveraging  round  10  reductions.  This  chapter  also  analyzes  reductions 
after  multiple  pairs  along  with  a  few  other  interesting  discussions  and  observations  about 
the  data.  The  data  captured  for  each  attack  includes:  the  AES  implementation;  total 
runtime  required;  number  of  faulty  ciphertexts  required;  the  plaintext  encrypted;  the 
encryption  key;  the  recovered  encryption  key;  runtimes  required  for  each  faulty  ciphertext 
reduction;  keyspace  remaining  after  each  faulty  ciphertext  reduction;  the  fault  value  that 
when  XOR’ed  with  *Sq  is  the  resulting  faulty  value  used  moving  forward;  the  resulting 
faulty  ciphertext;  the  average  columnspace  after  each  faulty  ciphertext  reduction;  and,  if  a 
RAES  implementation,  the  number  and  values  of  ^°R  still  valid  after  each  faulty  ciphertext 
reduction. 

5.1  Existing  Attack 

Prior  research  establishes  a  round  10  reduced  keyspace  of  2^^,  analysis  in  Section 
3.3.3  establishes  a  slightly  higher  4,501,500,262  «  average.  Eigure  5.1  displays 

the  frequency  of  reduced  keyspaces  after  one  pair  of  faulty  ciphertexts  with  the  expected 
and  observed  averages  marked.  This  data  greatly  departs  from  a  normal  distribution  with 
a  very  long  and  non-continuous  tail.  The  observed  mean  is  5,404,337,163  « 
902,756,005  «  2^^^“^^^  larger  than  the  theoretical  average.  However,  the  log2  of  the 
observed  and  theoretical  means  only  differ  by  0.2637.  Eigure  5.2  represents  this  same 
data  in  a  boxplot.  This  highlights  the  skew  of  the  data. 
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Reduced  Keyspace  from  1  Cipher  Pair  Round  10  Reduction  on  AES-128 
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Figure  5.1:  Histogram  of  AES- 128  Keyspace,  1  Faulty  Ciphertext  Round  10  Reduction. 


Reduced  Keyspace  from  1  Ciper  Pair,  Round  10  Reduction 
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Figure  5.2:  Boxplot  of  AES- 128  Keyspace,  1  Faulty  Ciphertext  Round  10  Reduction. 
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Examining  the  quartile  values  in  Figure  5.3,  the  first  two  quartiles  occur  in  a  range 
of  693,043,200,  while  the  third  quartile  spans  a  range  of  3,303,014,399  and  the  last 
27,981,250,661.  This  analysis  explores  this  extreme  skew  in  density  later.  Figure  5.4 
displays  the  data  as  log2  transformed  which  helps  to  minimize  this  skew,  although  a  bottom 
heavy  density  remains  apparent.  Figure  5.5  displays  this  same  log2  transformation  applied 
to  the  histogram.  An  additional  line  to  mark  the  observed  log2  mean  is  also  added. 
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Figure  5.3:  Quartiles  of  AES- 128  Keyspace,  1  Faulty  Ciphertext  Round  10  Reduction. 


Log2  Transformed  Reduced  Keyspace  from  1  Ciper  Pair,  Round  10  Reduction 
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Figure  5.4:  Boxplot  of  Fog2  Transformed  AES- 128  Keyspace,  1  Faulty  Ciphertext 
Round  10  Reduction. 
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Log2  Transformed  Reduced  Keyspace  from  1  Cipher  Pair  Round  10  Reduction  on  AES-128 


2^  Remaining  Possible  Keyspace 

Figure  5.5:  Histogram  of  Log2  Transformed  AES- 128  Keyspace,  1  Faulty  Ciphertext 

Round  10  Reduction. 


This  transformation  creates  a  more  interesting  representation  of  the  data.  The  data 
manifests  in  several  high  density  spikes  approximately  around  31.8,  32.9,  34.9  and  35.9. 
Each  grouping  appears  to  be  close  to  a  normal  distribution,  and  lessening  in  magnitude  with 
each  additional  power  of  2.  This  observed  data  makes  sense  as  the  most  likely  theoretical 
average  is  (127  x  x  2^)^  =  3,970,610,628  «  and  each  time  another  key 

byte  has  4  possibilities  rather  than  2,  an  increase  by  one  power  of  2  occurs.  As  these 
4  possibility  key  bytes  are  unlikely  with  probability  (1/127),  the  diminishing  frequency 
fits.  This  analysis  explains  the  drastic  skew  in  density  and  the  inter-group  distributions. 
The  close  to  normal  distributions  around  these  groupings  also  require  examination.  Part 
of  the  reduction  power  is  the  number  of  b  relations  expected  to  hold  per  column.  The 
average  is  127  x  ~  15.6889.  However,  discrete  values  cannot  be  decimal  creating 
slightly  higher  and  lower  values.  If  each  column  has  15  valid  relations,  2^^  becomes 
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(15  X  2Y  =  3,317,760,000  *  and  at  16  becomes  (16  x  2Y  =  4,294,967,296  = 

2^^.  Combinations  of  15  and  16  valid  relation  columns  fall  between  these  values  and  closer 
to  the  average  (e.g.,  (15x2"^)^x(16x2"^)^  =  3,774, 873,600  «  The  number  of  valid 

b  relations  does  not  have  nearly  the  same  magnitude  of  effect  on  the  expected  remaining 
keyspace  as  the  number  of  valid  byte  keys.  This  smaller  effect  explains  the  intra-group 
distributions. 

Figure  5.6  shows  the  remaining  keyspace  after  two  faulty  ciphertexts.  Two  attacks 
still  had  4  possible  values  and  a  third  had  16  possible  values.  The  attacks  with 
four  keys  remaining  manifest  either  in  one  byte  with  four  possible  values  and  the  15  other 
bytes  fixed  or  two  bytes  with  two  possible  values  and  the  14  other  bytes  fixed.  Similarly, 
the  attack  with  sixteen  possible  keys  remaining  manifests  in  one  of  several  possibilities: 
two  bytes  with  4  possible  values  and  the  other  14  fixed;  one  byte  with  4  values,  two  with  2 
and  the  other  13  fixed;  or  four  bytes  with  2  values  and  the  other  12  fixed.  However,  since 
no  attacks  yielded  2  possible  values  after  two  faulty  ciphertexts,  only  bytes  with  four 
possible  values  likely  create  the  overlap  of  these  three  keyspaces.  The  observed  remaining 
mean  keyspace  is  =  1  -1-  .0084,  significantly  larger  than  the  expected  1  -l- 

The  analysis  of  multiple  faulty  ciphertexts  in  Section  3.3.4  assumed  the  non-valid  keyspace 
bytes  were  random  because  claiming  an  underlying  relationship  requires  substantial  data, 
analysis  and  understanding.  This  attack  implementation  did  not  collect  the  actual  potential 
keyspace  values  at  intermediate  reduction  stages.  Further  analysis  requires  at  least  this 
data,  so  explaining  the  unexpected  non-valid  keyspace  bytes  after  two  faulty  ciphertexts 
is  not  possible.  However,  these  three  attacks  with  multiple  possible  values  remaining 
suggest  the  non-valid  keyspace  bytes  are  not  random. 

The  quartiles  show  that  the  median  value  is  well  below  the  theoretical  average, 
however  the  extreme  upper  half  values  skew  the  mean  above  the  median.  Overall,  the 
theoretical  averages  appear  to  underestimate  the  true  average  reduction  by  not  properly 
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accounting  for  either  the  likelihood  of  the  one  4  key  byte  associated  b  value  being  valid,  or 
the  associated  drastic  increase  in  remaining  keyspace.  Although  still  an  underestimation, 
the  theoretical  average  appears  to  more  closely  estimate  the  average  log2  remaining 
keyspace.  Additionally,  the  reduction  power  between  two  cipher  pairs  does  not  provide 
enough  information  to  adequately  predict  the  number  of  cipher  pairs  required  on  average. 
Reduced  keyspaces  associated  with  faulty  ciphertexts  appear  non-random  and  to  have  some 
increased  association. 


Reduced  Keyspace  from  2  Cipher  Pair  Round  10  Reduction  on  AES-128 
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Figure  5.6:  Histogram  of  AES- 128  Keyspace,  2  Faulty  Ciphertext  Round  10  Reduction. 


As  mentioned  in  Section  4.5,  because  this  experimentation  used  no  explicitly 
controlled  testing  environment,  rigorous  analysis  of  timing  data  is  not  valid.  However, 
to  provide  a  context  to  the  work  factor  required  for  the  attack,  a  histogram  of  attack  times 
follows  in  Figure  5.7.  The  average  attack  time  is  0.1747  seconds. 
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Histogram  of  DFA  on  AES-128  Runtimes 
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Figure  5.7:  Histogram  of  AES-128  DFA  Runtime. 


5.2  Attack  Extension 

Section  3.3.4  established  an  average  theoretical  remaining  keyspace  of  after 

1  cipher  pair  round  10  reduction  on  RAES  implementations.  This  section  analyzes  the 
observed  experimental  data  in  an  effort  to  validate  this  expected  theoretical  analysis.  First, 
Figure  5.8  shows  the  log2  transformed  boxplot  of  this  reduction  across  each  of  the  four 
RAES- 128  Type  implementations.  Theoretical  analysis  resulted  in  the  same  reduction 
regardless  of  Type,  these  observed  data  agree.  Formally  checking  this  conclusion  with  the 
Tukey  multiple  comparisons  of  means  test  in  Figure  5.9  conhrms  that  there  is  no  statistical 
difference  in  the  average  reduction  power  regardless  of  RAES  implementation.  The  0 
RAES  Implementation  Type  is  the  combination  of  all  Types  1-4.  Thus,  analysis  moving 
forward  is  performed  on  all  RAES  implementations  treated  as  one  population. 
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Log2  Transformed  Reduced  Keyspace  from  1  Ciper  Pair,  Round  10  Reduction 
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Figure  5.8:  Boxplots  of  Log2  Transformed  RAES-128  Keyspace,  1  Faulty  Ciphertext 
Round  10  Reduction. 
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Figure  5.9:  Tukey  Multiple  Comparisons  of  Means  Test  of  RAES-128  Types,  1  Eaulty 
Ciphertext  Round  10  Reduction. 
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Figure  5.10  is  a  histogram  of  the  1  cipher  pair,  round  10  reduction  on  all  Rotational 
S-box  AES  implementations.  This  reduction,  although  much  closer  to  normal  than  the 
existing  attack’s  data  still  maintains  the  extreme  skew  in  density  with  a  long  right  tail 
and  high  outliers.  The  expected  theoretical  mean  is  1, 152,384,067,070  «  The 

observed  mean  is  1,236,479,882,848  «  84,095,815,778  larger  than  expected. 

However,  the  difference  of  the  log2  of  the  means  is  only  0.1016. 


Reduced  Keyspace  from  1  Cipher  Pair  Round  10  Reduction 


Remaining  Possible  Keyspace 


Figure  5.10:  Histogram  of  RAES-128  Keyspace,  1  Faulty  Ciphertext  Round  10 
Reduction. 


Examining  the  quartiles  in  Figure  5.11,  like  in  the  existing  attack  on  AES,  the  median 
is  below  the  expected  average.  However,  now  the  third  quartile  contributes  significantly 
less  to  the  skew.  Instead,  the  immense  magnitude  of  the  values  in  the  last  quartile  produce 
this  skew.  Due  to  the  extreme  scaling  of  keyspaces,  like  before  in  the  existing  attack 
analysis,  using  a  log2  transformation  helps  make  this  more  meaningful  data.  Figure  5.12 
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displays  the  transformed  histogram.  The  result  is  a  normal  distribution  centered  near  the 
theoretical  average.  Unfortunately  that  does  not  encompass  all  the  data;  another  near 
normal  distribution  centered  near  41.5  and  several  extreme  right  outliers  also  are  present. 
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Figure  5.11:  Quartiles  of  RAES-128  Keyspace,  1  Faulty  Ciphertext  Round  10 
Reduction. 


Log2  Transformed  Reduced  Keyspace  from  1  Cipher  Pair  Round  1 0  Reduction 


Figure  5.12:  Histogram  of  Log2  Transformed  RAES-128  Keyspace,  1  Eaulty 
Ciphertext  Round  10  Reduction. 
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The  normal  distribution  hot  spot  near  fits  with  the  theoretical  analysis.  The 
secondary  distribution  around  2"^^  ^  and  the  lack  of  tertiary  and  quaternary  reduction  pockets 
as  seen  in  the  existing  analysis  need  further  investigation.  The  existing  attack  had  those  hot 
spots  from  the  unlikely  ‘high’  number  of  key  byte  stepbacks  (i.e.,  the  4  key  byte  b  values). 
Now  for  an  attack  to  deviate  from  the  rest,  each  of  the  256  S-boxes  used  need  to  hit  the 
‘high’  key  byte  stepbacks.  This  property  has  an  averaging  effect  making  the  values  seen 
more  consistent:  (total  reduced  keyspace)  =  ((S-boxo  reduced  keyspace)  +  (S-boxi  reduced 
keyspace)  +  . . .  +  (S-box255  reduced  keyspace))  =  (Average  S-box,-  reduced  keyspace)  x2^. 
As  discussed  in  the  analysis  of  the  existing  attack,  the  number  of  valid  b  relations  has 
a  much  smaller  effect  on  keyspace  size  than  the  number  of  valid  byte  keys  per  valid  b. 
Examining  the  maximum  value  of  if  every  S-box  had  the  same  stepback  properties 

as  S-boxo,  only  each  of  the  256  S-box  stepbacks  resulting  in  about  a  2^^  reduced  keyspace 
would  achieve  such  a  large  remaining  keyspace  (2^^  x  2^  =  2^^).  Since  Figure  5.5  holds 
only  four  attacks  with  key  spaces  near  2^^,  seeing  this  256  times  for  a  single  discrete  attack 
would  be  extremely  unlikely.  With  reasonable  certainty,  the  other  S-box’s  do  not  have 
such  uniform  stepback  properties.  This  variability  may  be  due  to  S-box  construction  using 
multiplicative  inverses,  but  rotating  the  S-box  removes  this  property.  Thus  a  histogram 
like  Figure  5.5  for  an  alternate  S-box  would  likely  have  a  much  greater  variance  with  high 
density  hot  spots  spaced  more  sporadically  and  more  extreme  outlier  values. 

As  mentioned  in  Section  4.8,  the  keyspace  calculation  depends  on  values,  thus 
one  and  two  create  an  observed  keyspace  of  two.  Pilot  studies  revealed  this 
duplicity  is  exactly  what  happens.  These  studies  revealed  that,  regardless  the  number  of 
faulty  ciphertexts  used.  Round  10  column  reductions  maximumly  reduce  the  keyspace  to 
two  '°R  and  one  ^°K.  The  experimental  data  shows  these  two  possible  rotation  10  values 
are  always  128  apart.  A  rotation  of  128  is  a  special  case  because  a  half  rotation  is  its  own 
inverse,  b  ffl  128  ffl  128  =  b  ffl  256  =  b.  This  addition  of  128  mod  256  flips  the  leftmost 
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bit  which  is  exactly  an  XOR  of  128.  Thus,  SBR(128)  =  ffl  128  =  ©  128.  This  one  case 
of  R  =  128  is  a  special  case  of  the  general  extension  tried  in  Section  3.3.2.  Analyzing  this 
property  in  the  additive  SBR  fault  propagation  model  outlined  in  Figure  3.12  from 
to  ^°AS\  if  ^°R  =  0  is  valid,  then  ^°R  =  0  ffl  128  is  also  valid. 

SBR(^°S°,0)  ©  SBR(i°S°,0)  =  =  i°ASi 

SBR(^°S||,0  ffll28)  ©  SBR(^°S°,0  ffll28)  =  SBR(SBR(^°S°,  0),  128)  ©  SBR(SBR(^°S°,  0),  128) 

=  (SBR(i°S°,  0)  ©  128)  ©  (SBRO°S°,0)©  128) 

=  (SBR(i°S°,  0)  ©  SBR(i°S°,0))  ©  (128©  128) 

=  '°ASi  ©  0  = 

The  theoretical  expected  average  keyspace  of  Section  3.3.4  overlooks  this  (ffl  128) 
equivalence.  Including  this  additional  information,  the  theoretical  mean  after  one  faulty 
ciphertext  drops  to  Accounting  for  this  equivalence  in  the  observed  data,  the 

observed  mean  is  This  adjustment  does  not  consider  ^°R  not  128  apart  with 

the  same  which  possibly  creates  an  overcount  of  remaining  However,  any  such 
overcount  is  likely  negligible.  The  increased  observed  mean  remaining  keyspace  over  the 
theoretical  existing  AES  attack  is  likely  due  to  an  inherent  skew  in  the  data  not  fully  or 
properly  captured  in  the  theoretical  analysis.  Although  the  theoretical  mean  reductions 
are  underestimations,  they  are  still  great  estimates  of  the  magnitude  of  the  remaining 
keyspace  as  evidence  in  the  close  log2  transformed  means.  In  most  areas  of  work,  an  error 
of  2^^  '^^^  -  2^^  '’^^^  =  42,071,374,371  is  not  considered  negligible,  or  even  acceptable. 
However,  the  difference  of  the  log2  of  the  means  is  only  0.1016.  For  purposes  of  knowing 
the  general  work  factor  and  computing  power  necessary  to  perform  an  attack,  the  theoretical 
analysis  is  more  than  sufficient. 

Figure  5.13  shows  the  number  of  valid  ^°R  values  after  two  ciphertext  reductions. 
Every  single  attack  reduced  to  two  ^°R  values  at  this  point  meaning  just  the  correct  ^°R  and 
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'°R  ©  128  remain.  Since  these  share  the  same  reduced  keyspaces,  the  observed  remaining 
keyspace  overcounts  the  actual  remaining  keyspace  by  a  factor  of  2.  Figure  5.14  displays 
the  log2  transformed  histogram  of  the  true  remaining  keyspace  accounting  for  this  double 
count. 


Reduced  Rotationspace  from  2  Faulty  Ciphertexts  Round  10  Reduction 

10000 


Number  of  Remaining  RIO 


Figure  5.13:  Histogram  of  Remaining  Rio,  2  Faulty  Ciphertext  Round  10  Reduction. 


The  vast  majority  of  the  time,  specifically  9, 263  of  10, 000  attacks,  a  reduction  to  one 
valid  occurs  after  two  faulty  ciphertexts.  However,  compared  to  the  attack  on  AES,  a 
larger  possible  remaining  keyspace  of  64  is  possible  after  this  double  reduction,  with  2  and 
4  much  more  common.  The  updated  theoretical  expected  remaining  keyspace  accounting 
for  the  double  count  is  1+2“"^^  The  observed  mean  remaining  keyspace  is  1+.1893. 
As  with  the  existing  attack,  proper  explanation  of  this  disparity  is  not  possible  without 
further  data  and  analysis.  Figure  5.15  shows  that  reducing  with  a  third  faulty  ciphertext 
leaves  just  8  total  attacks  that  still  require  reduction  at  2  and  4  values.  Application  of 
the  key  schedule  reversal  reductions  would  likely  reduce  these  to  just  1  value,  however 
this  attack  implementation  did  not  attempt  that  reduction. 
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Log2  Reduced  Keyspace  from  2  Faulty  Ciphertexts  Round  10  Reduction 
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Figure  5.14:  Histogram  of  Log2  Transformed  Observed/2  RAES-128  Keyspace,  2 
Faulty  Ciphertext  Round  10  Reduction. 


Reduced  Keyspace  from  3  Faulty  Ciphertexts  Round  10  Reduction 
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Figure  5.15:  Histogram  of  Observed/2  RAES-128  Keyspace,  3  Eaulty  Ciphertext 
Round  10  Reduction. 


69 


Figure  5.16  shows  that  total  key  space  reduction  requires  a  maximum  of  four  cipher 
pairs,  thus  no  further  keyspace  histograms  are  necessary  for  analysis.  The  increased 
remaining  keyspace  of  after  1  faulty  ciphertext  does  not  explain  the  increased 

number  of  remaining  valid  after  multiple  faulty  ciphertexts  compared  to  the  theoretical 
expected  value  or  the  existing  attack  on  AES.  Since  only  the  two  128  apart  remain 
after  two  or  more  faulty  ciphertexts  and  these  share  the  same  keyspace,  effectively  only 
the  keyspace  associated  with  one  S-box  remains.  Were  the  reductions  between  all  S-boxes 
uniform.  Figure  5.14  would  be  indistinguishable  from  a  log2  transformation  of  Figure  5.6. 
Therefore,  the  less  evenly  distributed  key  byte  densities  of  rotated  S-boxes,  which  do  not 
change  the  average  reduction,  impact  discrete  cases  by  increasing  overlapping  matches 
between  reductions.  Figure  5.17  displays  the  runtime  required  for  full  key  recovery. 
Meaningful  in  depth  analysis  of  runtimes  is  not  valid.  However,  this  increased  average 
runtime  of  11.38  seconds  -  over  60  times  the  runtime  required  for  the  existing  attack  on 
AES  -  provides  context  for  the  work  factor  of  the  attack. 


Number  of  Cipher  Pairs  Required  for  Key  Recovery  in  DFA  on  RAES--128 
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Figure  5.16:  Histogram  of  Required  Cipher  Pairs  for  Full  Key  Recovery  on  RAES-128. 
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Histogram  of  DFA  on  RAES-128  Runtimes 
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Figure  5.17:  Histogram  of  RAES-128  DFA  Runtime. 


5.3  Design  Suggestions 

Recovery  of  the  round  10  encryption  key  is  the  crux  of  existing  DFA  attacks.  RAES 
implementations  create  more  complexity  in  reversing  to  the  encryption  key.  Since  the 
key  schedule  does  not  need  to  be  invertible  (both  encryption  and  decryption  logically  step 
forward  through  the  key  schedule,  only  optimization  possibly  uses  invertibility),  adding 
further  complexity  to  this  algorithm  such  that  reversal  is  infeasible  would  weaken  these 
attacks.  Changing  the  key  schedule  entirely,  creating  a  one  way  function  would  also 
accomplish  this  goal,  but  modifying  the  existing  key  schedule  requires  less  alterations  and 
would  take  less  work  to  vet  since  over  a  decade  of  research  and  use  well  establish  the 
foundations  of  the  existing  key  schedule.  A  modified  key  schedule  which  creates  three 
expanded  keys  follows. 

•  Key  Schedule  3.  The  RAES  key  schedule  2  creates  two  expanded  keys.  As  intended, 
the  first  is  the  expanded  rotation  key.  However,  the  second  is  the  expanded  key 
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schedule  rotation  key.  XORing  all  16  bytes  of  each  round  creates  expanded  key 
schedule  rotation  values.  These  values  define  the  S-box,  used  in  the  SW  operation 
of  the  third  key  expansion.  This  third  expanded  key  built  is  the  expanded  encryption 
key. 

Previously,  the  expansion  of  the  expanded  encryption  key  only  relied  on  one  S-box, 
creating  256  possible  ways  to  rebuild  the  encryption  key  from  This  new  scheme  uses 
a  rotation  value  for  each  round  of  the  encryption  key  schedule  effectively  creating  a  (2^)^*^ 
work  factor  to  reverse  to  the  encryption  key.  Now,  even  with  a  successful  DFA  on  the 
State,  reversal  through  the  key  schedule  is  computationally  infeasible.  Instead,  Eve  needs 
to  perform  this  DFA  attack  on  each  round  enables  decryption  to  the  end  of  round  9, 

enables  decryption  to  the  end  of  round  8,  etc.)  until  the  work  factor  is  computationally 
feasible.  This  attack  method  increases  the  resources  and  access  required  of  an  attacker  by 
increasing  the  number  of  faulty  ciphertext  pairs  required.  DFA  on  the  Key  Schedule  could 
possibly  bypass  some  of  this  work  factor  or  leverage  a  more  powerful  fault  injection,  but 
since  each  round  rotates  by  a  separate  value,  full  reversal  would  still  likely  be  infeasible 
or  highly  costly  with  few  faults.  Following  is  an  updated  list  of  implementations  which 
includes  this  new  key  schedule. 

•  RAES  Type  1.  Key  Schedule  1  and  Rotation  Reduction  1 

•  RAES  Type  2.  Key  Schedule  1  and  Rotation  Reduction  2 

•  RAES  Type  3.  Key  Schedule  2  and  Rotation  Reduction  1 

•  RAES  Type  4.  Key  Schedule  2  and  Rotation  Reduction  2 

•  RAES  Type  5.  Key  Schedule  3  and  Rotation  Reduction  1 

•  RAES  Type  6.  Key  Schedule  3  and  Rotation  Reduction  2 
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5.4  Analysis  Summary 

The  mean  observed  remaining  keyspace  after  applying  the  existing  attack  to  AES- 128 
is  higher  than  expected.  The  theoretical  analysis  explains  the  range  and  relative  densities 
of  values  seen,  but  does  not  fully  account  for  the  high  outliers.  However,  this  analysis  still 
provides  a  good  estimate  of  the  general  expected  complexity  and  reduction  power.  Analysis 
of  the  observed  extension  data  reveals  that  the  S-box  rotation  only  introduces  a  complexity 
of  128,  not  256  for  DFA  attacks  because  ffl  128  =  ©  128.  Updating  the  theoretical  analysis 
to  include  this  information  reduces  the  expected  mean  to  2^^  This  theoretical  mean  also 
underestimates  the  observed  remaining  keyspace,  but  again  the  theoretical  analysis  explains 
the  range  and  relative  densities  of  the  values  seen,  while  not  fully  accounting  for  the  high 
outliers.  This  analysis  still  provides  a  good  estimate  of  the  general  expected  complexity 
and  reduction  power.  The  increase  in  attack  time  from  AES- 128  to  RAES-128  highlights 
the  increased  complexity  RAES  introduces.  Altering  the  RAES  key  schedule  creates  an 
effectively  one  way  expanded  encryption  key  expansion  which  mitigates  DEA  on  the  State. 
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VI.  Conclusion 


Overall  this  research  shows  initial  progress  into  the  extension  of  applying  existing 
DFA  techniques  to  Dynamic  S-box  AES  implementations.  This  research  uses  RAES-128 
for  non-trivial  simplicity,  proof  of  concept,  and  flexibility  in  initial  exploratory  attempts. 
Analysis  produced  a  reasonable  attack  requiring  one  fault  on  the  State  in  round  8,  with 
full  key  recovery  possible  with  two  or  more  faulty  ciphertexts.  The  theoretical  analysis  of 
the  existing  attack  on  AES  slightly  overestimates  the  observed  average  reduction  power. 
Analysis  of  the  extension’s  experimentation  data  revealed  additional  information  allowing 
the  theoretical  analysis  to  reduce  to  This  value  also  slightly  overestimates  the 

observed  average  reduction  power. 

6.1  Impact 

This  research  reveals  RAES-128  Types  1-4  are  nominally  more  secure  than  AES- 
128  against  DEA  attacks  on  the  State.  Therefore,  these  RAES  implementations  should 
still  incorporate  current  DEA  mitigation  techniques  when  securing  high  value  data.  The 
proposed  implementations,  RAES-128  Types  5-6,  should  make  key  reversal  more  difficult 
and  costly,  protecting  the  encryption  key.  However,  DEA  still  enables  full  decryption  with 
sufficient  resources.  Therefore,  RAES-128  Types  5-6  should  still  incorporate  current  DEA 
mitigation  techniques  when  securing  high  value  data.  Despite  the  potential  of  RAES- 
128  Types  5-6,  this  paper  still  recommends  use  of  non-proprietary  best  practice  AES 
implementations  following  the  guidelines  established  in  [2]  because  these  platforms  are 
transparent,  well  established  and  regularly  publicly  reviewed  and  updated. 

6.2  Contributions 

This  research  made  several  contributions  to  cryptology. 
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•  This  research  determines  extension  of  current  DFA  attacks  to  Dynamic  S-hox 
AES  variants  is  possible.  Chapter  3  extends  DFA  on  the  State  to  RAES-128 
implementations . 

•  This  research  reveals  expected  keyspace  reduction  power  of  DFA  extensions. 

Section  3.3.4  expects  DFA  on  the  State  of  all  four  RAES-128  implementations  to 
have  a  reduction  power  of 

•  This  research  huilds  functional  attacks  which  demonstrate  full  key  and  plaintext 
recovery.  Chapter  5  discusses  how  the  (R)AES-DEA  attack  simulation  platform 
successfully  attacks  AES- 128  and  all  RAES-128  implementations. 

•  This  research  provides  an  easy  to  follow  and  self-contained  resource  which 
walks  through  the  mechanics  and  analysis  of  DFA  attacks.  Chapters  2,  3  &  5 
create  a  thorough  introduction  to  DFA  on  the  State. 

•  This  research  appreciably  adds  to  the  overall  security  analysis  of  Dynamic  S-box 
AES  variants.  Chapters  3  &  5  provide  insight  on  DFA  concerns. 

•  This  research  contributes  to  the  literature  of  theoretical  analysis.  Chapter  3 
updates  the  existing  analysis  of  DFA  on  the  State  of  AES -128,  and  yields  new 
analysis  of  DFA  on  the  State  of  RAES-128.  Chapter  5  compares  theoretical  analysis 
to  experimental  data. 

•  This  research  helps  inform  and  shape  future  discussions  of  cryptographic 
standards  and  algorithmic  design  decisions.  An  irreversible  key  schedule  would 
significantly  mitigate  DFA  attack  power. 

6.3  Future  Work 

This  research  extends  to  a  simple  non-trivial  Dynamic  S-box  AES  variant.  As  such, 
many  vectors  of  improvement,  expanded  scope,  and  future  work  exist.  Most  directly. 
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this  manifests  in  leveraging  the  round  9  relations  with  a  reasonable  work  factor  and 
extending  DFA  on  the  State  to  RAES-192  and  RAES-256  implementations.  Also,  the 
current  theoretical  analysis  models  need  further  attention  to  fully  and  more  accurately 
capture  the  expected  reduction  power  of  attacks.  Other  work  includes  implementing, 
testing,  and  attacking  the  proposed  RAES  implementations.  Types  5  and  6,  or  one  similar 
which  theoretically  makes  key  reversal  computationally  infeasible  from  the  last  round 
key.  Extending  other  DEA  attacks,  specifically  DEA  on  the  Key  Schedule  to  RAES 
implementations  is  another  area  of  interesting  future  work.  The  last  area  of  future  work 
is  extending  all  DEA  attacks  to  other  Dynamic  S-box  variants. 
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Appendix  A:  Discussion  of  Rotational  S-box  Design  Decisions 


AES-KDS  as  described  in  [22]  leaves  several  implementation  details  open  to 
interpretation.  This  appendix  first  presents  higher  level  questions,  then  discusses  case  and 
type  specific  ambiguities. 

The  most  significant  unknown  is  directly  related  to  the  S-box  rotation.  The  round 
rotation  value  “...is  used  to  rotate  the  S-box.  The  resulting  S-box  is  used  during  the 
SubBytes  operation.”  And  “each  round  AES-KDS  S-box  can  have  256  possible  entries. 
Totally  there  are  10  rounds.  So  total  number  of  possible  S-boxes  is  given  by, 

256  X  256  X  256  x  256  x  256  x  256  x  256  x  256  x  256  x  256  =  2^°”. 

These  passages  make  clear  each  round  rotates  the  S-box,  but  do  not  define  if  this  is  the 
standard  AES  S-box  or  the  previous  round’s  S-box.  That  is,  it  is  not  well  defined  if  the 
application  of  RotSBox  is  iterative.  The  only  clue  is  provided  by  the  pseudo  code.  Below 
is  the  section  of  the  pseudo  code  for  Case  2  encryption  rounds  1  through  9: 

for  (round=  1 ;  round<=9 ;  round+4-) 

{ 

rotate=(expanded_key  [round*4]  "expanded-key  [round*4-rl] 

"  expanded_key  [round* 4-r2  ]  '  expanded_key  [round*4+ 3  ] )  &mask ; 
create  s  box(s  box, rotate)  ; 

//  function  to  rotate  S-box  to  left  by  a  value  equal  to  rotate 
substitute.bytes  (state ,  s_box)  ; 
shift_row(state)  ; 
mix_column(state) ; 

add  round  key (round*4 ,  state ,  expanded  key)  ; 


For  this  code  to  work  as  expected  and  described  in  [22],  these  function  calls  must  be  by 
reference.  Otherwise,  create  s  box(s  box, rotate)  would  create  a  newly  rotated  S- 
box  that  is  never  used  in  substitute.bytes  (state ,  s_box)  and  further  the  state  would 
never  be  updated.  Thus,  given  only  this  information,  an  iterative  S-box  rotation  is  the  most 
logical  conclusion. 

The  other  high-level  problem  is  that  the  provided  pseudo  code  does  not  provide 
sufficient  detail  to  make  data  structures,  variables,  and  operations  well  defined.  Severai 
instances  of  this  iack  of  definition  are  now  provided. 

The  first  case  of  non-expiicit  definition  is  the  pseudo  code  function 
create  s  box (s  box , rotate),  which  is  described  oniy  by  the  comment  “\\  function  to 
rotate  S-box  to  ieft  by  a  vaiue  equai  to  rotate”.  This  foiiows  the  iogicai  expianation  of  the 
RotSBox  step,  however  no  expiicit  definition  or  pseudo  code  is  provided.  This  aiiows  for 
the  ambiguity  of  an  iterative  S-box  to  remain.  As  such,  oniy  a  iogicai  appiication  of  the 
description  within  the  paper  and  pseudo  code  can  be  appiied. 

A  simiiar  probiem  exists  with  key  expansionfexpanded  key  ,key ,  s  box).  This 
pseudo  code  function  is  oniy  described  by  the  comment  ‘\\  as  in  originai  AES’.  The  pseudo 
code  snippet  beiow  shows  the  context  of  key.expansion  as  used  in  the  key  scheduie  sec¬ 
tion  of  the  aigorithm: 

rotate=temp; 

create_s_box(s_box , rotate)  ; 
key_expansion(expanded_key  1 , key ,  s_box)  ; 

//  as  in  original  AES 
for  (i=0 ;  i<44 ;  i-i-i-) 

fprintf (kyl , "%lx  " , expanded_keyl [i] )  ; 

On  a  high  ievei,  this  code  appears  to  set  a  rotate  vaiue  and  rotate  the  S-box  by  this  vaiue. 
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Then,  the  encryption  key  is  expanded  using  the  standard  AES  key  expansion  algorithm 
with  the  exception  that  S-box  lookups  use  this  rotated  S-box.  The  resulting  expanded 
key  is  saved  as  expandedJceyl.  No  explicit  definition  or  pseudo  code  is  provided  for 
key.expansion,  so  logical  interpretation  is  necessary. 

Variable  specific  problems  are  also  present  in  the  pseudo  code.  For  both  Type  1  and  2 
key  schedules,  the  variable  key  receives  a  hard  coded  value.  Below  are  pertinent  snippets 
of  code  from  each  of  these: 


Type  1 

unsigned  char  key [16]=123456789®ABCDEF ; 

create_s_box(s_box ,  rotate)  ; 
key_expansion(expanded_key ,  key ,  s_box)  ; 


Type  2 

unsigned  char  key [16]=123456789®ABCDEF ; 

create_s_box(s_box , rotate)  ; 

key  expansion(expanded  key  1 , key ,  s  box)  ; 

create_s_box(s_box ,  shift)  ; 

key  expansionfexpanded  key2  ,  key ,  s  box)  ; 

Logical  interpretation  of  this  would  mean  key  expansion  and  thus  encryption  was  not 
dependent  on  the  provided  encryption  key.  If  this  were  the  case,  encryption  of  a  given 
plaintext  with  two  different  keys  would  result  in  the  same  resulting  ciphertext.  However, 
this  is  not  the  case  as  seen  in  the  paper’s  experimental  results.  Therefor,  this  must  be 
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interpreted  as  an  example  key  value  provided  to  clarify  its  structure  and  use  in  the  pseudo 
code. 

The  next  potential  problem  relates  to  Case  2  round  rotation  keys.  The  paper  text 
describes  the  reduction  from  round  rotation  key  to  round  rotation  value  as  the  ‘XOR 
operation  of  all  the  bytes’: 

Suppose  for  a  particular  round  j,  if  the  round  key  value  is 

06ACB47D588A9ED837D50E923C4055B5  (each  byte  represented  by  2-Hex 
digits). 

Here  XOR  operation  of  all  the  bytes  is  taken. 

15(Hex)=06"AC"B4"7D"58"8A"9E"D837"D5W923CW55"B5  ("symbol  used 
for  XOR) 

The  resulting  byte  value  15(Hex)  is  used  to  rotate  the  Sbox. 

However,  the  pseudo  code  to  accompany  this  does  not  logically  perform  the  XOR  as 
described.  Provided  is  a  pertinent  snippet: 
unsigned  long  int  mask=0x££; 

£or  (round=  1 ;  round<=9 ;  round+-i-) 

{ 

rotate=(expanded_key  [round*4]  "expanded.key  [round*4-rl] 

"expanded.key  [round*4-r2]  "expanded.key  [round*4+3]  )&mask ; 


Rotate=  (expanded  key  [40]  "  expanded  key  [41] 

"expanded-key  [42]  "expanded-key [43]  )&mask; 

The  rotate  value  calculated  in  this  pseudo  code  is  only  the  XOR  of  4  bytes,  not  all 
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16  bytes  of  the  round  rotation  key.  Eaeh  expanded_key [i]  index  must  be  a  4  byte 
value.  This  follows  from  many  details.  Traditionally,  the  expanded  key  of  AES- 128  is 
represented  by  a  4x44  matrix  of  bytes.  This  is  a  result  of  the  way  the  key  is  expanded 
and  eomputed  eolumnwise.  The  indented  rotate  value  represents  rotate  eomputed  for 
rounds  1  through  9,  while  the  seeond  Rotate  value  represents  rotate  eomputed  for  round 
10.  Indiees  40-43  are  aeeessing  the  last  four  ‘eolumns’  of  the  expanded  key  with  indexing 
starting  at  0.  Additionally,  for  four  values  to  represent  16  bytes  in  total,  eaeh  must  represent 
4  bytes.  Traeing  out  the  operation,  first,  four  4-byte  values  are  XOR’ed  resulting  in  one 
4-byte  value.  This  one  4-byte  value  is  then  bitwise  AND’ed  (&)  with  mask=0x££,  the  one 
byte  value  1111  1111b.  Thus,  depending  on  endianness,  only  the  most  or  least  signifieant 
byte  is  saved  into  rotate.  The  same  logieal  reduetion  of  round  rotation  key  to  round 
rotation  value  using  the  XOR  of  all  bytes  is  again  used  in  Case  4,  “XOR  operation  of  all 
bytes  is  taken”,  however  no  pseudo  eode  is  provided  [22]. 

The  last  part  of  the  algorithm  whieh  is  not  elearly  defined  is  the  Type  2  key  sehedule. 
Two  rotation  values  are  ealeulated,  one  from  the  eneryption  key  as  in  Type  1,  and  the 
seeond  from  expanded_keyl.  How  this  seeond  rotation  value  is  logieally  formed  is  not 
deseribed  in  the  text  whieh  only  notes,  “These  round  keys  are  also  used  for  finding  a  value 
for  rotating  the  S-box,  whieh  will  be  used  in  generating  [the]  seeond  set  of  round  keys”. 
Below  is  a  pseudo  eode  snippet  whieh  deseribes  the  seeond  rotation  value’s  ealeulation: 
£or  (i=0 ;  i<43  ;  i-i-i-) 

{ 

expanded_keyl  [i-rl]=expanded_keyl  [i]  "expanded.keyl  [i-rl]  ; 


£or(i=0 ;  i<=3  ;  i-i-i-) 

£or(j=0;  j<=3;  j-r+) 

{ 
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temp=expanded_keyl  [44]&mask; 
temp=temp»shi£tl ; 
shi£tl=shi£tl+8 ; 
mask=inask«8 ; 
shi£t=shi£t''temp ; 

} 

create_s_box(s_box ,  shi£t)  ; 
key_expansion(expanded_key2  ,  key ,  s_box)  ; 

Notably,  temp  is  initialized  as  an  unsigned  char  and  therefor  can  hold  up  to  a 
byte  of  information;  mask,  shi£t,  and  shi£tl  are  not  initialized  earlier  in  this  code 
section.  The  first  £or  loop  XOR’s  each  ‘column’  of  the  expanded  key  together.  The 
first  time  through  the  loop  expanded_keyl  [1]  is  XOR’ed  with  expanded_keyl  [0] . 
The  second  pass  XOR’s  expanded  keyl  [2]  with  expanded  key  1  [1] .  At  this  point 
expanded_keyl  [1]  is  expanded_keyl  [1]  ''expanded.keyl  [0] .  Thus,  by  the  last  pass 
of  the  loop,  expanded  keyl  [43]  =  expanded  keyl  [43] 'expanded  keyl  [42]  ^ 
'expanded-keyl  [1] 'expanded-keyl  [0] .  The  next  nested  £or  loop  section  is  where 
lack  of  explicit  details  becomes  problematic.  Ignoring  the  nested  loops  and  only  examining 
the  contents,  these  five  lines  of  code  appear  to  XOR  several  bytes  together. 

In  the  first  line,  temp=expanded_keyl  [44]&mask,  mask  is  used,  which  is  not 
initialized  in  this  code  section;  however,  mask  is  initialized  in  an  earlier  pseudo  code 
section  detailing  Case  2  encryption.  If  the  same  initialization  is  assumed,  let  mask=0x££. 
Additionally,  expanded_keyl  [44]  is  referenced,  however  the  previous  loop  only  iterates 
through  expanded  keyl  [43] .  As  discussed  previously,  expanded  keyl  must  be  an  array 
of  length  44  (and  so  indices  0-43)  to  represent  the  44  ‘columns’  of  the  expanded  key.  To 
further  this  interpretation.  Case  2  encryption  pseudo  code  only  accesses  indices  0-43  of 
expanded  key.  Thus,  let  the  44  reference  be  assumed  to  be  a  typo  which  should  read 
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43.  This  then  makes  the  first  line  set  temp  to  the  ’first’  byte  (most  or  least  significant  byte 
depending  on  endianness)  of  expanded  key  [43] . 

Moving  to  the  next  line,  temp=temp»shiftl,  shift  1  is  unknown.  However,  as 
shift  1  is  incremented  by  8  each  iteration,  or  one  byte  (as  seen  in  the  third  line),  and  temp 
holds  the  value  of  just  one  byte,  it  is  logical  to  assume  shift  1=0  as  the  initialization.  Thus, 
on  the  first  pass,  this  line  has  no  effect.  The  third  line,  shiftl=shiftl+8,  as  previously 
mentioned  increments  shift  1  by  8,  or  one  byte.  The  fourth  line  bit  shifts  mask  to  the 
left  by  one  byte.  This  logically  agrees  with  the  prior  assumption  of  its  initialization.  The 
last  line  is  the  most  interesting,  shift=shift''temp.  shift  is  not  initialized,  however, 
an  initialization  to  0  is  logical.  This  would  set  shift=temp  which  is  the  ’first’  byte  of 
expanded_keyl  [43]  on  the  first  pass. 

Tracing  through  subsequent  passes,  temp  is  set  to  the  next  byte  of  expanded_keyl  [43] 
and  bit  shifted  by  one  byte  so  there  is  not  a  byte  worth  of  trailing  zeros,  shift  1  and  mask 
are  appropriately  updated,  and  shift  is  XOR’ed  with  this  second  byte.  Thus  shift  is 
now  the  XOR  of  the  first  two  bytes  of  expanded  key  1  [43] .  After  the  first  four  iterations, 
shift  is  the  XOR  of  all  four  bytes  of  expanded_key  1  [43] ,  or  logically  when  considering 
the  prior  loop,  the  XOR  of  every  byte  in  expanded_keyl.  The  utility  of  the  outer  for  loop 
is  not  apparent.  If  it  is  not  a  misprint,  then  the  resulting  value  of  shift  would  end  up 
being  0  (x''x''x''x=0  for  any  given  value  x).  As  the  iterators  i  and  j  are  not  referenced  in 
the  content  of  the  loops,  each  iteration  of  the  outer  loop  would  be  exactly  the  same.  Based 
on  the  other  calculations  performed  to  reduce  the  round  keys  to  round  rotation  values  in 
Cases  2  and  4,  and  the  reductions  of  the  encryption  key  for  the  first  rotation  values  com¬ 
puted  in  the  key  schedules,  all  of  which  are  the  XOR  of  all  bytes  being  handled,  it  is  logical 
to  assume  the  nested  loops  is  a  typo  and  this  block  is  intended  to  XOR  all  the  bytes  of 
expanded_keyl. 
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For  this  research,  an  implementation  of  this  algorithm  was  written  in  Python  2.7 
building  off  of  the  Scripting  Languages  Open-source  Workable  AES  (SLOWAES)  code 
base  [8].  Eirst  the  code’s  base  functions  were  tested  for  proper  functionality  by  using 
NIST  sample  values  and  walkthroughs  [1],  and  were  successfully  validated.  Next,  the 
algorithm  as  best  described  by  [22]  and  discussed  above  was  implemented  on  top  of 
this  validated  AES  implementation.  Each  step  was  validated  and  carefully  examined  and 
stepped  through  to  ensure  encryption  was  following  all  expected  logical  flow.  The  rotate 
step  specifically  was  vetted  with  the  example  rotated  S-box  as  provided  by  [22].  Validation 
of  this  implementation  of  AES-KDS  was  reliant  on  the  sample  encryption  data  provided  in 
the  paper  which  is  shown  below: 


Ke 

y  =  ADF278565E262AD1 

F5DEC94A0BF25B27 

SN 

Plaintext 

Ciphertext 

1 

00  00  00  00  00  00  00  00  00 
00  00  00  00  00  00  00 

B2  43  8.“^  8?  CA  DD  F4  4E  F? 
E6  6E  D1  D7  08  83  08 

2 

00  00  00  00  00  00  00  00  00 
00  00  00  00  00  00  01 

37  14  10  49  D'  DE  2D  56  CC 
74  66  68  CF  89  4C  95 

3 

00  00  00  00  00  00  00  00  00 
00  00  00  00  00  01  01 

64  E2  Cl  53  C4  79  78  DF  FC 

87  35  15  9F  4C  39  76 

4 

10  00  00  00  00  00  00  00  00 

00  00  00  00  00  00  00 

2F  ID  C4  ID  D8  52  D6  9D  A5 

74  99  69  98  16  31  9E 

Table.  1.  Plaintext  &  Ciphertext  samples 


Key  =  .4DF278565E262AD1F5DEC94A0BF25B28 


SN 

Plaintext 

Ciphertext 

1 

00  00  00  00  00  00  00  00  00 
00  00  00  00  00  00  00 

21  55  66  73  D8  8E  4F  9D  98  55 
68  DO  06  DC  E6  35 

2 

00  00  00  00  00  00  00  00  00 
00  00  00  00  00  00  01 

32  67  6F  89  15  6E  88  80  DO  82 
07  9A  OE  E2  35  07 

3 

00  00  00  00  00  00  00  00  00 

00  00  00  00  00  01  01 

25  AE  71  C2  4F  EO  7F  A3  AD  23 
35  84  31  47  28  9E 

4 

10  00  00  00  00  00  00  00  00 

00  00  00  00  00  00  00 

C9  89  71  71  A1  FO  9D  4A  80  A9 

6D  CF  F3  EE  40  4C 

Figure  A.l:  AES-KDS  Validation  Encryptions  [22]. 


It  is  important  to  note  that  only  sample  encryptions  for  Case  4,  Type  2  as  described 
in  [22]  are  provided,  and  no  intermediate  steps  or  key  schedule  data  is  available.  Thus, 
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validation  of  this  algorithm  is  wholly  dependent  on  just  8  encryptions  and  only  one 
Case  can  truly  be  validated.  To  accomplish  this,  encryption  of  the  four  plaintexts  with 
the  two  keys  was  performed,  however  the  resulting  ciphertexts  did  not  match  those 
provided.  Because  of  the  ambiguities  described  in  the  prior  section,  the  possibility  of  a 
misinterpretation  was  reasonable.  Thus,  iterative  encryptions  testing  these  possibilities  was 
performed.  What  follows  is  a  description  of  each  moving  part  tried,  and  an  analysis  of  how 
many  combinations  were  tested. 

-  Iterative  S-box  encryption:  Is  the  S-box  iteratively  rotated  between  rounds  of 
encryption?  [Yes/No]  2  possibilities. 

-  Iterative  S-box  key  schedule:  Is  the  S-box  iteratively  rotated  between  creation  of 
expanded_keyl  and  expanded_key2?  This  is  handled  by  a  later  iterator,  1  possibilities. 

-  Iterative  S-box  key  schedule  to  encryption:  Is  the  S-box  iteratively  rotated  between  the 
key  schedule  and  the  encryption  rounds?  [Yes/No]  2  possibilities. 

-  How  is  the  round  rotation  key  reduced  to  the  round  rotation  value?  [XOR  of  all  bytes 
as  logically  described/XOR  of  most  significant  bytes  as  in  pseudo  code/XOR  of  least 
significant  bytes  as  in  pseudo  code]  3  possibilities. 

-  In  the  key  schedule,  how  is  the  first  rotate  value  calculated?  [XOR  of  all  bytes  of 
encryption  key/XOR  of  all  bytes  of  hardcoded  pseudo  code  key]  Because  of  the  importance 
of  using  the  correct  keys  and  the  lack  of  explicit  definition,  all  256  rotation  values  [0-255] 
are  used.  256  possibilities. 

-  In  the  key  schedule,  how  is  the  second  rotate  value  shift  calculated?  [XOR  of  all  bytes 
of  expanded_keyl]  Because  of  the  lack  of  explicit  definition  of  how  the  rotation  value  is 
calculated,  and  if  rotation  is  iterative  with  the  first  performed,  all  256  rotation  values  [0- 
255]  are  used.  256  possibilities. 

-  Expanded  key  altered  by  XOR  of  columns  [Yes/No]  2  possibilities. 

-  Next  the  number  of  encryption  keys  checked  is  discussed.  To  cover  potential 
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implementation  specific  issues,  alternate  endianess  representations  of  the  two  keys  for 
architectures  ranging  from  16-bit  to  128-bit  (excessively  large  range  for  completeness) 
are  used.  Note  this  is  only  applied  to  the  keys  and  not  plaintext  because  the  all  0  plaintext 
will  still  result  in  a  match.  8  possibilities.  When  the  encryption  key  is  stored  as  a  4x4 
matrix,  by  design  it  is  to  be  stored  by  filling  the  rows.  When  the  plaintext  is  stored  as  a  4x4 
matrix,  by  design  it  is  to  be  stored  by  filling  the  columns.  To  cover  any  potential  mixup  of 
these  details,  the  transpose  of  the  key  is  also  checked.  2x  possibilities.  Totally  that  makes 
(2  -I-  8)  X  2  =  20  encryption  keys.  20  possibilities. 

-  Finally  the  number  of  plaintext  checked  is  discussed.  As  mentioned  above,  the  key  and 
plaintext  are  stored  in  a  different  indexing.  To  overcome  a  potential  mixup,  the  transpose 
of  each  plaintext  is  also  encrypted.  2x  possibilities.  Totally  this  makes  4x2  =  8  plaintext. 

8  possibilities. 

When  all  these  moving  parts  are  checked  in  totality,  it  amounts  to2xlx2x3x256x 
256  x2x20x8  =  251, 658, 240  or  approximately  a  quarter  of  a  billion  encryptions.  All  of 
these  were  checked,  and  no  match  was  found.  The  authors  of  the  paper  were  also  reached 
out  to  for  more  validation  data,  intermediate  calculations,  or  more  detail  and  definition, 
but  no  response  was  received.  Thus,  given  the  thorough  validation  efforts,  and  the  amount 
of  ambiguity  found  in  [22],  an  implementation  was  chosen  which  was  most  logical  and 
followed  most  directly  from  the  data  provided  in  the  paper.  This  implementation,  RAES, 
is  logically  described  in  Section  3.2.2,  with  walk  through  encryption  and  key  schedule 
examples  to  best  facilitate  repeatability  and  future  validation  and  verification  provided  in 
Appendix  B. 
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Appendix  B:  RAES  Validation  Data 


Round 

0 

Round 

Key 

0 

[  50, 

136, 

49, 

224] 

[  25, 

160, 

154, 

233] 

[  43, 

40, 

171, 

9] 

[  67, 

90, 

49, 

55] 

AK 

[  61, 

244, 

198, 

248] 

[126, 

174, 

247, 

207] 

[246, 

48, 

152, 

7] 

--> 

[227, 

226, 

141, 

72] 

[  21, 

210, 

21, 

79] 

[168, 

141, 

162, 

52) 

[190, 

43, 

42, 

8] 

[  22, 

166, 

136, 

60] 

Round 

1 

Round 

Key 

1 

[  25, 

160, 

154, 

233] 

[212, 

224, 

184, 

30] 

[212, 

224, 

184, 

30] 

[  4, 

224, 

72, 

40] 

[164, 

104, 

107, 

2] 

[160, 

136, 

35, 

42] 

[  61, 

244, 

198, 

248] 

SB 

[  39, 

191, 

180, 

65] 

SR 

[191, 

180, 

65, 

39] 

MC 

[102, 

203, 

248, 

6] 

AK 

[156, 

159, 

91, 

106] 

[250, 

84, 

163, 

108] 

[227, 

226, 

141, 

72] 

-> 

[  17, 

152, 

93, 

82] 

-> 

[  93, 

82, 

17, 

152] 

-> 

[129, 

25, 

211, 

38] 

-> 

[127, 

53, 

234, 

80] 

[254, 

44, 

57, 

118] 

[190, 

43, 

42, 

8] 

[174, 

241, 

229, 

48] 

[  48, 

174, 

241, 

229] 

[229, 

154, 

122, 

76] 

[242, 

43, 

67, 

73] 

[  23, 

177, 

57, 

5] 

Round 

2 

Round 

Key 

2 

[164, 

104, 

107, 

2] 

[  73, 

69, 

127, 

119] 

[  73, 

69, 

127, 

119] 

[  88, 

27, 

219, 

27] 

[170, 

97, 

130, 

104] 

[242, 

122, 

89, 

115] 

[156, 

159, 

91, 

106] 

SB 

[222, 

219, 

57, 

2] 

SR 

[219, 

57, 

2, 

222] 

MC 

[  77, 

75, 

231, 

107] 

AK 

[143, 

221, 

210, 

50] 

[194, 

150, 

53, 

89] 

[127, 

53, 

234, 

80] 

-> 

[210, 

150, 

135, 

83] 

-> 

[135, 

83, 

210, 

150] 

-> 

[202, 

90, 

202, 

176] 

-> 

[  95, 

227, 

74, 

70] 

[149, 

185, 

128, 

246] 

[242, 

43, 

67, 

73] 

[137, 

241, 

26, 

59] 

[  59, 

137, 

241, 

26] 

[241, 

172, 

168, 

229] 

[  3, 

239, 

210, 

154] 

[242, 

67, 

122, 

127] 

Round 

3 

Round 

Key 

3 

[170, 

97, 

130, 

104] 

[172, 

239, 
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Figure  B.l:  AES-128  Encryption  and  Expanded  Key  of  [1]  Example  Data. 
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Figure  B.2:  RAES-128  Type  1  Eneryption  and  Expanded  Key  of  [1]  Example  Data. 
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Figure  B.3:  RAES-128  Type  2  Eneryption  and  Expanded  Key  of  [1]  Example  Data. 
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Figure  B.4:  RAES-128  Type  3  Eneryption  and  Expanded  Keys  of  [1]  Example  Data. 
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Figure  B.5:  RAES-128  Type  4  Eneryption  and  Expanded  Keys  of  [1]  Example  Data. 
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